CVE-2022-22071

high

Description

Possible use after free when process shell memory is freed using IOCTL munmap call and process initialization is in progress in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music

References

Exploits
More

https://thehackernews.com/2023/12/qualcomm-releases-details-on-chip.html

https://www.bleepingcomputer.com/news/security/qualcomm-says-hackers-exploit-3-zero-days-in-its-gpu-dsp-drivers/

https://www.qualcomm.com/company/product-security/bulletins/may-2022-bulletin

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-22071

Details

Source: Mitre, NVD

Published: 2022-06-14

Updated: 2026-06-17

Known Exploited Vulnerability (KEV)

Risk Information

CVSS v2

Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 7.8

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.00478