CVE-2022-22057 — HIGH (8.4)

Vulnerability Description

Use after free in graphics fence due to a race condition while closing fence file descriptor and destroy graphics timeline simultaneously in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables

CVSS Score

8.4

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Qualcomm	Apq8053 Firmware	-
Qualcomm	Apq8053	-
Qualcomm	Ar8035 Firmware	-
Qualcomm	Ar8035	-
Qualcomm	Msm8953 Firmware	-
Qualcomm	Msm8953	-
Qualcomm	Qca6174A Firmware	-
Qualcomm	Qca6174A	-
Qualcomm	Qca6390 Firmware	-
Qualcomm	Qca6390	-
Qualcomm	Qca6391 Firmware	-
Qualcomm	Qca6391	-
Qualcomm	Qca6426 Firmware	-
Qualcomm	Qca6426	-
Qualcomm	Qca6436 Firmware	-
Qualcomm	Qca6436	-
Qualcomm	Qca6595Au Firmware	-
Qualcomm	Qca6595Au	-
Qualcomm	Qca8081 Firmware	-
Qualcomm	Qca8081	-

Related Weaknesses (CWE)

CWE-362

References

FAQ

What is CVE-2022-22057?

CVE-2022-22057 is a vulnerability with a CVSS score of 8.4 (HIGH). Use after free in graphics fence due to a race condition while closing fence file descriptor and destroy graphics timeline simultaneously in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivit...

How severe is CVE-2022-22057?

CVE-2022-22057 has been rated HIGH with a CVSS base score of 8.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-22057?

Check the references section above for vendor advisories and patch information. Affected products include: Qualcomm Apq8053 Firmware, Qualcomm Apq8053, Qualcomm Ar8035 Firmware, Qualcomm Ar8035, Qualcomm Msm8953 Firmware.