CVE-2022-22071

CVSS 8.4 HIGHEPSS 0.4%● KEVCWE-416

In short

A memory management flaw allows attackers to access or manipulate freed memory while a process is initializing, potentially leading to system crashes or code execution on Snapdragon devices.

Technical detail

Use-after-free vulnerability in process shell memory deallocation via IOCTL munmap during process initialization. Attack vector requires local access to trigger the race condition between memory freeing and ongoing process setup, enabling arbitrary memory access with HIGH severity impact across multiple Snapdragon platforms.

Summary generated and translated by AI from the official description.

Possible use after free when process shell memory is freed using IOCTL munmap call and process initialization is in progress in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Qualcomm, Inc. · Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-22071 https://www.qualcomm.com/company/product-security/bulletins/may-2022-bulletin