CVE-2022-22071
Published: 14 June 2022
Summary
CVE-2022-22071 is a high-severity Use After Free (CWE-416) vulnerability in Qualcomm Apq8053 Firmware. Its CVSS base score is 8.4 (High).
Operationally, it ranks in the top 31.5% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-39 (Process Isolation) and SI-16 (Memory Protection).
Deeper analysis
CVE-2022-22071 is a use-after-free vulnerability (CWE-416) affecting multiple Qualcomm Snapdragon platforms, including Auto, Compute, Connectivity, Consumer IOT, Industrial IOT, Mobile, and Voice & Music. The flaw occurs when process shell memory is released via an IOCTL munmap call while process initialization is still underway, allowing memory to be accessed after it has been freed.
A local attacker with no privileges or user interaction can trigger the condition to achieve arbitrary code execution or memory corruption with high impact on confidentiality, integrity, and availability. The CVSS 8.4 vector reflects local attack surface combined with the potential for full system compromise on affected devices.
Qualcomm addressed the issue in its May 2022 security bulletin, which includes patches for impacted chipsets. The vulnerability is also listed in CISA's Known Exploited Vulnerabilities catalog, confirming observed in-the-wild exploitation. The current EPSS score of 0.0055 indicates low but non-zero exploitation probability.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-27225
Vulnerability details
Possible use after free when process shell memory is freed using IOCTL munmap call and process initialization is in progress in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music
- CWE(s): CWE-416 (Use After Free)
- KEV Date Added: 05 December 2023
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls (NIST 800-53 r5)
- SI-16 (Memory Protection): memory-protection mechanisms block or hinder exploitation of use-after-free conditions in kernel memory-management paths such as munmap IOCTL handling.
- SC-39 (Process Isolation): process-isolation boundaries limit the ability of a local UAF flaw during shell-memory initialization to affect other processes or escalate privileges.
- Flaw remediation: a patch-management process ensures the Qualcomm-supplied fix, which eliminates the race between munmap and process initialization, is applied before exploitation.