CISA KEV 정보
| 취약점명 | Qualcomm Multiple Chipsets Use-After-Free Vulnerability |
|---|---|
| 설명 | Multiple Qualcomm chipsets contain a use-after-free vulnerability when process shell memory is freed using IOCTL munmap call and process initialization is in progress. |
| 조치사항 | Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable. |
| 랜섬웨어 캠페인 악용 | Unknown |
| CWE | CWE-416 |
| 등록일 (KEV) | 2023-12-05 |
| 조치 기한 | 2023-12-26 |
| 추가 참고 | This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. For more information, please see: https://git.codelinaro.org/clo/la/kernel/msm-5.4/-/commit/586840fde350d7b8563df9889c8ce397e2c20dda; https://nvd.nist.gov/vuln/detail/CVE-2022-22071 |
NVD 상세 정보
CVSS v3.1: 8.4 HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HCVSS v2.0: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C설명: Possible use after free when process shell memory is freed using IOCTL munmap call and process initialization is in progress in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music
CWE: CWE-416 | CWE-416
참조
- https://www.qualcomm.com/company/product-security/bulletins/may-2022-bulletin [Patch, Vendor Advisory]
- https://www.qualcomm.com/company/product-security/bulletins/may-2022-bulletin [Patch, Vendor Advisory]
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-22071 [US Government Resource]
This product uses the NVD API but is not endorsed or certified by the NVD.