CVE-2022-25716 - Vulnerability Details - OpenCVE

Memory corruption in Multimedia Framework due to unsafe access to the data members

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Qualcomm	Sd888 5g Sd888 5g Firmware Wcd9380 Wcd9380 Firmware Wcd9385 Wcd9385 Firmware Wcn6850 Wcn6850 Firmware Wcn6851 Wcn6851 Firmware Wsa8830 Wsa8830 Firmware Wsa8835 Wsa8835 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:qualcomm:sd888_5g_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd888_5g:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:qualcomm:wcd9380_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wcd9380:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:qualcomm:wcd9385_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wcd9385:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:qualcomm:wcn6850_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wcn6850:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:qualcomm:wcn6851_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wcn6851:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:qualcomm:wsa8830_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wsa8830:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:qualcomm:wsa8835_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wsa8835:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.qualcomm.com/company/product-security/bulletins/january-2023-bulletin

History

Wed, 09 Apr 2025 20:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: qualcomm

Published: 2023-01-06T04:56:04.587Z

Updated: 2025-04-09T19:56:37.512Z

Reserved: 2022-02-22T11:38:09.297Z

Link: CVE-2022-25716

Vulnrichment

Updated: 2024-08-03T04:49:43.668Z

NVD

Status : Modified

Published: 2023-01-09T08:15:11.367

Modified: 2025-04-09T20:15:19.127

Link: CVE-2022-25716

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-25716", "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "state": "PUBLISHED", "assignerShortName": "qualcomm", "dateReserved": "2022-02-22T11:38:09.297Z", "datePublished": "2023-01-06T04:56:04.587Z", "dateUpdated": "2025-04-09T19:56:37.512Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["Snapdragon Mobile"], "product": "Snapdragon", "vendor": "Qualcomm, Inc.", "versions": [{"status": "affected", "version": "SD888 5G"}, {"status": "affected", "version": "WCD9380"}, {"status": "affected", "version": "WCD9385"}, {"status": "affected", "version": "WCN6850"}, {"status": "affected", "version": "WCN6851"}, {"status": "affected", "version": "WSA8830"}, {"status": "affected", "version": "WSA8835"}]}], "descriptions": [{"lang": "en", "value": "Memory corruption in Multimedia Framework due to unsafe access to the data members"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "providerMetadata": {"orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "shortName": "qualcomm", "dateUpdated": "2023-01-09T07:07:39.912Z"}, "references": [{"url": "https://www.qualcomm.com/company/product-security/bulletins/january-2023-bulletin"}], "title": "Time-of-check Time-of-use Race Condition in Multimedia Framework", "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T04:49:43.668Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.qualcomm.com/company/product-security/bulletins/january-2023-bulletin", "tags": ["x_transferred"]}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-367", "lang": "en", "description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-09T19:56:33.277026Z", "id": "CVE-2022-25716", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-09T19:56:37.512Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.qualcomm.com/company/product-security/bulletins/january-2023-bulletin", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T04:49:43.668Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-25716", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-04-09T19:56:33.277026Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-367", "description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-09T19:56:29.582Z"}}], "cna": {"title": "Time-of-check Time-of-use Race Condition in Multimedia Framework", "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Qualcomm, Inc.", "product": "Snapdragon", "versions": [{"status": "affected", "version": "SD888 5G"}, {"status": "affected", "version": "WCD9380"}, {"status": "affected", "version": "WCD9385"}, {"status": "affected", "version": "WCN6850"}, {"status": "affected", "version": "WCN6851"}, {"status": "affected", "version": "WSA8830"}, {"status": "affected", "version": "WSA8835"}], "platforms": ["Snapdragon Mobile"], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.qualcomm.com/company/product-security/bulletins/january-2023-bulletin"}], "descriptions": [{"lang": "en", "value": "Memory corruption in Multimedia Framework due to unsafe access to the data members"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "shortName": "qualcomm", "dateUpdated": "2023-01-09T07:07:39.912Z"}}}, "cveMetadata": {"cveId": "CVE-2022-25716", "state": "PUBLISHED", "dateUpdated": "2025-04-09T19:56:37.512Z", "dateReserved": "2022-02-22T11:38:09.297Z", "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "datePublished": "2023-01-06T04:56:04.587Z", "assignerShortName": "qualcomm"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:sd888_5g_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "B991D515-9072-488F-B338-D7776C70FB62", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:sd888_5g:-:*:*:*:*:*:*:*", "matchCriteriaId": "3F65BF0A-CC8F-4A4B-9FD4-7FC7066424F6", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:wcd9380_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "70292B01-617F-44AD-AF77-1AFC1450523D", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:wcd9380:-:*:*:*:*:*:*:*", "matchCriteriaId": "FA94C6D6-85DB-4031-AAF4-C399019AE16D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:wcd9385_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "92B17201-8185-47F1-9720-5AB4ECD11B22", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:wcd9385:-:*:*:*:*:*:*:*", "matchCriteriaId": "E1FA2EB9-416F-4D69-8786-386CC73978AE", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:wcn6850_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "3293739B-53D5-48C1-BC3A-FAA74D6C7954", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:wcn6850:-:*:*:*:*:*:*:*", "matchCriteriaId": "E650C510-037F-47DB-A486-EBF871C73278", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:wcn6851_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "DD031A8D-A48A-4363-8C00-C1FF5458D0FB", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:wcn6851:-:*:*:*:*:*:*:*", "matchCriteriaId": "64F5D7CA-6F31-4842-AC66-EB975C19C83D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:wsa8830_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "11B69595-E488-4590-A150-CE5BE08B5E13", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:wsa8830:-:*:*:*:*:*:*:*", "matchCriteriaId": "BF680174-5FA6-47D9-8EAB-CC2A37A7BD42", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:wsa8835_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "F80BC68E-7476-4A40-9F48-53722FE9A5BF", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:wsa8835:-:*:*:*:*:*:*:*", "matchCriteriaId": "6B36F4B2-BAA3-45AD-9967-0EB482C99708", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Memory corruption in Multimedia Framework due to unsafe access to the data members"}, {"lang": "es", "value": "Corrupci\u00f3n de la memoria en Multimedia Framework debido al acceso inseguro a los miembros de los datos"}], "id": "CVE-2022-25716", "lastModified": "2025-04-09T20:15:19.127", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "product-security@qualcomm.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-01-09T08:15:11.367", "references": [{"source": "product-security@qualcomm.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.qualcomm.com/company/product-security/bulletins/january-2023-bulletin"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.qualcomm.com/company/product-security/bulletins/january-2023-bulletin"}], "sourceIdentifier": "product-security@qualcomm.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-367"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-367"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}