CVSS 7.8
CWE-120

CVE-2022-33226: Buffer copy without checking the size of input in Core

First published: Tue Jun 06 2023

Memory corruption due to buffer copy without checking the size of input in Core while processing ioctl commands from diag client applications.

Credit: product-security@qualcomm.com

Affected Software | Affected Version | How to fix
Google Android
Google Android
Google Android
Qualcomm Wcn3991
Google Android
Google Android
Qualcomm Wcn685x-5 Firmware
Qualcomm Wcn685x-5
Qualcomm Wcn685x-1 Firmware
Qualcomm Wcn685x-1
Qualcomm Wcn785x-1 Firmware
Qualcomm Wcn785x-1
Qualcomm Wcn785x-5 Firmware
Qualcomm Wcn785x-5
Qualcomm Qam8255p Firmware
Qualcomm Qam8255p
Google Android
Qualcomm Qca6420
Qualcomm Qca6430 Firmware
Google Android
Google Android
Qualcomm Qca6574au
Google Android
Google Android
Qualcomm Qca6698aq Firmware
Qualcomm Qca6698aq
Qualcomm Qca6797aq Firmware
Qualcomm Qca6797aq
Qualcomm Sa8255p Firmware
Qualcomm Sa8255p
Google Android
Google Android
Qualcomm Sm8450 Firmware
Qualcomm Sm8450
Qualcomm Sm8150 Firmware
Qualcomm Sm8150
Qualcomm Sm8150-ac Firmware
Qualcomm Sm8150-ac
Qualcomm Sm8350 Firmware
Qualcomm Sm8350
Qualcomm Sm8350-ac Firmware
Qualcomm Sm8350-ac
Qualcomm Snapdragon Wear 4100\+ Platform Firmware
Qualcomm Snapdragon Wear 4100\+ Platform
Qualcomm Wcd9341 Firmware
Google Android
Google Android
Google Android
Google Android
Google Android
Qualcomm Wcn3610 Firmware
Google Android
Google Android
Google Android
Google Android
Google Android
Google Android
Google Android
Google Android
Google Android
Google Android
Google Android
Google Android
Google Android
Google Android
Google Android


Frequently Asked Questions

  • What is the severity of CVE-2022-33226?

    The severity of CVE-2022-33226 is high with a CVSS score of 7.8.

  • How does CVE-2022-33226 affect Android devices?

    CVE-2022-33226 affects Android devices running Qualcomm AQ Series, WCN Series, WCD Series, QAM Series, QCA Series, QCA64 Series, QCA65 Series, QCA67 Series, QCA69 Series, QSA Series, SD Series, SM Series, Wear 4100+ Platform, and WSA Series.

  • What is the vulnerability description of CVE-2022-33226?

    CVE-2022-33226 is a memory corruption vulnerability in the Core component of Android, which occurs due to a buffer copy without checking the size of the input when processing ioctl commands from diag client applications.

  • How can I fix CVE-2022-33226?

    To fix CVE-2022-33226, it is recommended to apply the security patch provided by Qualcomm.

  • Where can I find more information about CVE-2022-33226?

    You can find more information about CVE-2022-33226 on the official Qualcomm Product Security Bulletin for June 2023.
