CVE-2022-22071

HIGH KEV

Snapdragon - Use After Free

Title source: llm

Description

Possible use after free when process shell memory is freed using IOCTL munmap call and process initialization is in progress in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music

References (2)

[Patch, Vendor Advisory] https://www.qualcomm.com/company/product-security/bulletins/may-2022-bulletin

[US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-22071

Scores

CVSS v3 8.4

EPSS 0.0055

EPSS Percentile 68.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CISA KEV 2023-12-05

VulnCheck KEV 2023-10-02

InTheWild.io 2023-10-03

ENISA EUVD EUVD-2022-27225

CWE

CWE-416

Status published

Products (50)

qualcomm/apq8053_firmware

qualcomm/ar8031_firmware

qualcomm/ar8035_firmware

qualcomm/csra6620_firmware

qualcomm/csra6640_firmware

qualcomm/mdm9150_firmware

qualcomm/msm8953_firmware

qualcomm/qca6174a_firmware

qualcomm/qca6390_firmware

qualcomm/qca6391_firmware

... and 40 more

Published Jun 14, 2022

KEV Added Dec 05, 2023

Tracked Since Feb 18, 2026