We use cookies to improve your experience on our site.
AVID-2026-R1048
Description
Improper authentication in Qualcomm IPC (CVE-2022-33242)
Details
Memory corruption due to improper authentication in Qualcomm IPC while loading unsigned lib in audio PD.
Reason for inclusion in AVID: CVE-2022-33242 describes a software/firmware vulnerability in Qualcomm IPC that allows memory corruption when loading unsigned libraries in the audio processing domain. The affected component is a driver/IPC used on Snapdragon SoCs, which is part of the software stack that runs general-purpose AI workloads on such hardware. This constitutes a software supply-chain entry affecting AI deployment stacks, with a known vulnerability (CVE) and explicit references.
References
Affected or Relevant Artifacts
- Developer: Qualcomm, Inc.
- Deployer: Qualcomm, Inc.
- Artifact Details:
| Type | Name |
|---|---|
| System | Snapdragon |
Impact
AVID Taxonomy Categorization
- Risk domains: Security
- SEP subcategories: S0100: Software Vulnerability
- Lifecycle stages: L06: Deployment
CVSS
| Version | 3.1 |
| Vector String | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| Base Score | 7.8 |
| Base Severity | 🔴 High |
| Attack Vector | LOCAL |
| Attack Complexity | 🟢 Low |
| Privileges Required | 🟢 Low |
| User Interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality Impact | 🔴 High |
| Integrity Impact | 🔴 High |
| Availability Impact | 🔴 High |
CWE
| ID | Description |
|---|---|
| CWE-287 | CWE-287 Improper Authentication |
Other information
- Report Type: Advisory
- Credits:
- Date Reported: 2023-03-07
- Version: 0.3.3
- AVID Entry