Cyber Resilience

CVE-2022-22071

High | CISA KEV | Active Exploitation | EUVD Exploited

Published: 14 June 2022

Modified: 28 October 2025
KEV Added: 05 December 2023
Patch
CVSS Score v3.1: 8.4 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0055 (68.5th percentile)
Risk Priority: 37 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2022-22071 is a high-severity Use After Free (CWE-416) vulnerability in Qualcomm Apq8053 Firmware. Its CVSS base score is 8.4 (High).

Operationally, it ranks in the top 31.5% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-39 (Process Isolation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2022-22071 is a use-after-free vulnerability (CWE-416) affecting multiple Qualcomm Snapdragon platforms, including Auto, Compute, Connectivity, Consumer IOT, Industrial IOT, Mobile, and Voice & Music. The flaw occurs when process shell memory is released via an IOCTL munmap call while process initialization is still underway, allowing memory to be accessed after it has been freed.

A local attacker with no privileges or user interaction can trigger the condition to achieve arbitrary code execution or memory corruption with high impact on confidentiality, integrity, and availability. The CVSS 8.4 vector reflects local attack surface combined with the potential for full system compromise on affected devices.

Qualcomm addressed the issue in its May 2022 security bulletin, which includes patches for impacted chipsets. The vulnerability is also listed in CISA's Known Exploited Vulnerabilities catalog, confirming observed in-the-wild exploitation. The current EPSS score of 0.0055 indicates low but non-zero exploitation probability.

Vulnerability details

Possible use after free when process shell memory is freed using IOCTL munmap call and process initialization is in progress in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music

CWE(s)
KEV Date Added: 05 December 2023

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

qualcomm | apq8053 firmware | all versions
qualcomm | ar8031 firmware | all versions
qualcomm | ar8035 firmware | all versions
qualcomm | csra6620 firmware | all versions
qualcomm | csra6640 firmware | all versions
qualcomm | mdm9150 firmware | all versions
qualcomm | msm8953 firmware | all versions
qualcomm | qca6174a firmware | all versions
qualcomm | qca6390 firmware | all versions
qualcomm | qca6391 firmware | all versions
+80 more product configuration(s) — see NVD for full list

Mitigating Controls (NIST 800-53 r5) AI

Prevent: Memory-protection mechanisms directly block exploitation of use-after-free conditions in kernel memory management paths such as munmap IOCTL handling.

Prevent: Process-isolation boundaries limit the ability of a local UAF flaw during shell-memory initialization to affect other processes or escalate privileges.

Prevent: Flaw-remediation processes ensure the Qualcomm-supplied patch that eliminates the race between munmap and process initialization is applied before exploitation.

References