CVE-2022-25743

HIGH

Qualcomm APQ8009 Firmware - Use-After-Free in Graphics Buffer Import

Title source: llm

Description

Memory corruption in graphics due to use-after-free while importing graphics buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

References (2)

Core 2

Core References

Patch, Vendor Advisory

https://www.qualcomm.com/company/product-security/bulletins/november-2022-bulletin

Exploit, Third Party Advisory

http://packetstormsecurity.com/files/172663/Qualcomm-Adreno-KGSL-Unchecked-Cast-Type-Confusion.html

Scores

CVSS v3 8.4

EPSS 0.0016

EPSS Percentile 37.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-416

Status published

Products (50)

qualcomm/apq8009_firmware

qualcomm/apq8009w_firmware

qualcomm/apq8017_firmware

qualcomm/apq8052_firmware

qualcomm/apq8056_firmware

qualcomm/apq8064au_firmware

qualcomm/apq8076_firmware

qualcomm/apq8096au_firmware

qualcomm/aqt1000_firmware

qualcomm/ar8031_firmware

... and 40 more

Published Nov 15, 2022

Tracked Since Feb 18, 2026