CVE-2022-22071
HIGH KEVQualcomm APQ8053 Firmware - Use-After-Free via IOCTL Munmap Call
Title source: llmExploitation Summary
CVE-2022-22071 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added December 5, 2023.
Description
Possible use after free when process shell memory is freed using IOCTL munmap call and process initialization is in progress in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music
References (2)
Core 2
Core References
Patch, Vendor Advisory x_refsource_confirm
https://www.qualcomm.com/company/product-security/bulletins/may-2022-bulletin
US Government Resource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-22071
Scores
CVSS v3
8.4
EPSS
0.0055
EPSS Percentile
68.6%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
active
Automatable
no
Technical Impact
total
Details
CISA KEV
2023-12-05
VulnCheck KEV
2023-10-02
InTheWild.io
2023-10-03
ENISA EUVD
EUVD-2022-27225
CWE
CWE-416
Status
published
Products (50)
qualcomm/apq8053_firmware
qualcomm/ar8031_firmware
qualcomm/ar8035_firmware
qualcomm/csra6620_firmware
qualcomm/csra6640_firmware
qualcomm/mdm9150_firmware
qualcomm/msm8953_firmware
qualcomm/qca6174a_firmware
qualcomm/qca6390_firmware
qualcomm/qca6391_firmware
... and 40 more
Published
Jun 14, 2022
KEV Added
Dec 05, 2023
Tracked Since
Feb 18, 2026