CVE-2022-22071 — Qualcomm Multiple Chipsets Use-After-Free Vulnerability

2023-12-05 • CISA Known Exploited Vulnerability

[event] Multiple Qualcomm chipsets contain a use-after-free vulnerability when process shell memory is freed using IOCTL munmap call and process initialization is in progress.

> AFFECTED SOFTWARE

Field	Value
Vendor	Qualcomm
Product	Multiple Chipsets
CWE	CWE-416
CVE ID	CVE-2022-22071
Date Added	2023-12-05
Due Date	2023-12-26
Ransomware Campaign	Unknown

> MITIGATION

Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.

Due Date: 2023-12-26

> REFERENCES

[1] https://git.codelinaro.org/clo/la/kernel/msm-5.4/-/commit/586840fde350d7b8563df9...
[2] https://nvd.nist.gov/vuln/detail/CVE-2022-22071