high
8.4
CWE
120
Advisory Published
CVE Published
Updated

CVE-2022-40540: Buffer copy without checking the size of input in Linux Kernel

First published: Mon Mar 06 2023(Updated: )

Memory corruption due to buffer copy without checking the size of input while loading firmware in Linux Kernel.

Credit: product-security@qualcomm.com product-security@qualcomm.com

Affected SoftwareAffected VersionHow to fix
Android
Qualcomm Snapdragon 8 Gen 1 Firmware
Qualcomm SM8475P
Qualcomm Snapdragon 888 5G Firmware
Qualcomm Snapdragon 888 5G
Qualcomm SW5100P
Qualcomm SW5100P
Qualcomm SW5100 Firmware
Qualcomm SW5100 Firmware
Qualcomm WCD9380
Qualcomm WCD9380 Firmware
Qualcomm WCD9385
Qualcomm WCD9385 Firmware
Qualcomm Wcn3980
qualcomm wcn3980 firmware
qualcomm wcn3988 firmware
Qualcomm WCN3988
Qualcomm WCN6850 Firmware
Qualcomm WCN6850 Firmware
Qualcomm WCN6851 Firmware
Qualcomm WCN6851 Firmware
Qualcomm WCN6855 Firmware
Qualcomm WCN6855 Firmware
Qualcomm WCN6856 Firmware
Qualcomm WCN6856
Qualcomm WCN7850 Firmware
Qualcomm WCN7850 Firmware
Qualcomm WCN7851
Qualcomm WCN7851 Firmware
Qualcomm WSA8830
Qualcomm WSA8830
Qualcomm WSA8835
Qualcomm WSA8835 Firmware
All of
Qualcomm SM8475P
Qualcomm Snapdragon 8 Gen 1 Firmware
All of
Qualcomm Snapdragon 888 5G
Qualcomm Snapdragon 888 5G Firmware
All of
Qualcomm SW5100P
Qualcomm SW5100P
All of
Qualcomm SW5100 Firmware
Qualcomm SW5100 Firmware
All of
Qualcomm WCD9380 Firmware
Qualcomm WCD9380
All of
Qualcomm WCD9385 Firmware
Qualcomm WCD9385
All of
qualcomm wcn3980 firmware
Qualcomm Wcn3980
All of
Qualcomm WCN3988
qualcomm wcn3988 firmware
All of
Qualcomm WCN6850 Firmware
Qualcomm WCN6850 Firmware
All of
Qualcomm WCN6851 Firmware
Qualcomm WCN6851 Firmware
All of
Qualcomm WCN6855 Firmware
Qualcomm WCN6855 Firmware
All of
Qualcomm WCN6856
Qualcomm WCN6856 Firmware
All of
Qualcomm WCN7850 Firmware
Qualcomm WCN7850 Firmware
All of
Qualcomm WCN7851 Firmware
Qualcomm WCN7851
All of
Qualcomm WSA8830
Qualcomm WSA8830
All of
Qualcomm WSA8835 Firmware
Qualcomm WSA8835

Remedy

https://www.qualcomm.com/company/product-security/bulletins/march-2023-bulletin

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is CVE-2022-40540?

    CVE-2022-40540 is a vulnerability that involves memory corruption due to a buffer copy without checking the size of input while loading firmware in the Linux Kernel.

  • Which software is affected by CVE-2022-40540?

    The affected software includes Google Android and Qualcomm Sd888 5g Firmware.

  • What is the severity of CVE-2022-40540?

    The severity of CVE-2022-40540 is high, with a severity value of 7.8.

  • How can I fix CVE-2022-40540?

    To fix CVE-2022-40540, it is recommended to apply the patches provided by the software vendors.

  • Where can I find more information about CVE-2022-40540?

    You can find more information about CVE-2022-40540 in the NetApp security advisory and the Qualcomm product security bulletins.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203