CVE-2022-22077

HIGH

Qualcomm SD 8 Gen1 5G Firmware - Use-After-Free in Graphics Dispatcher Logic

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2022-22077. PoCs published by grisuno.

AI-analyzed exploit summary This repository contains a functional exploit for CVE-2022-22077, targeting the RTCore64.sys driver to achieve arbitrary kernel memory read/write, leading to local privilege escalation (LPE) to SYSTEM. The exploit leverages exposed IOCTL interfaces for token manipulation and process elevation.

Description

Memory corruption in graphics due to use-after-free in graphics dispatcher logic in Snapdragon Mobile

Exploits (2)

nomisec WORKING POC 3 stars

by grisuno · poc

https://github.com/grisuno/CVE-2022-22077

View Code ZIP pw:eip

This repository contains a functional exploit for CVE-2022-22077, targeting the RTCore64.sys driver to achieve arbitrary kernel memory read/write, leading to local privilege escalation (LPE) to SYSTEM. The exploit leverages exposed IOCTL interfaces for token manipulation and process elevation.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: MSI Center / Dragon Center (RTCore64.sys driver)

Auth required

Prerequisites: SeLoadDriverPrivilege · Disabled HVCI/VBS · Presence of vulnerable RTCore64.sys driver

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1548.002 - Bypass User Account Control T1055 - Process Injection T1003 - OS Credential Dumping

devstral-2 · analyzed Feb 16, 2026 Full analysis →

gitlab WORKING POC

by grisuno · poc

https://gitlab.com/grisuno/CVE-2022-22077

View Code ZIP pw:eip

This repository contains a functional exploit for CVE-2022-22077, targeting the RTCore64.sys driver. The exploit leverages arbitrary read/write primitives to perform a token-stealing attack, escalating privileges to SYSTEM by overwriting the token of the current process with that of the SYSTEM process.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: RTCore64.sys (Micro-Star International)

Auth required

Prerequisites: SeLoadDriverPrivilege · HVCI/VBS disabled · RTCore64.sys driver loaded

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1548 - Abuse Elevation Control Mechanism

devstral-2 · analyzed Jun 08, 2026 Full analysis →

References (1)

Core 1

Core References

Patch, Vendor Advisory

https://www.qualcomm.com/company/product-security/bulletins/october-2022-bulletin

Scores

CVSS v3 8.4

EPSS 0.0013

EPSS Percentile 2.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-416

Status published

Products (8)

qualcomm/sd_8_gen1_5g_firmware

qualcomm/wcd9380_firmware

qualcomm/wcn6855_firmware

qualcomm/wcn6856_firmware

qualcomm/wcn7850_firmware

qualcomm/wcn7851_firmware

qualcomm/wsa8830_firmware

qualcomm/wsa8835_firmware

Published Oct 19, 2022

Tracked Since Feb 18, 2026