CVE-2022-22071

Q: What is the severity of CVE-2022-22071?

CVE-2022-22071 has a CVSS score of 8.4 (HIGH). This is a use-after-free vulnerability in Qualcomm Snapdragon chipsets that allows attackers to execute arbitrary code or cause denial of service. It affects multiple Qualcomm product lines including automotive, mobile, and IoT devices. The vulnerability occurs when shell memory is freed while process initialization is still in progress.

8.4 HIGH

📋 TL;DR

This is a use-after-free vulnerability in Qualcomm Snapdragon chipsets that allows attackers to execute arbitrary code or cause denial of service. It affects multiple Qualcomm product lines including automotive, mobile, and IoT devices. The vulnerability occurs when shell memory is freed while process initialization is still in progress.

💻 Affected Systems

Products:

Snapdragon Auto
Snapdragon Compute
Snapdragon Connectivity
Snapdragon Consumer IOT
Snapdragon Industrial IOT
Snapdragon Mobile
Snapdragon Voice & Music

Versions: Multiple chipset versions across affected product lines

Operating Systems: Android, Linux-based automotive/embedded systems

Default Config Vulnerable: ⚠️ Yes

Notes: Affects devices using vulnerable Qualcomm chipsets; exact versions vary by product line and require checking Qualcomm's security bulletin.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise with kernel-level code execution, allowing complete device control and data exfiltration.

🟠

Likely Case

Local privilege escalation from user to kernel space, potentially leading to persistent malware installation.

🟢

If Mitigated

Denial of service or system instability if exploitation attempts are blocked.

🌐 Internet-Facing: LOW (requires local access or malware foothold)

🏢 Internal Only: HIGH (local attackers or malware can exploit for privilege escalation)

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Requires local access; exploitation involves timing IOCTL munmap calls during process initialization.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Varies by device manufacturer and chipset; check device-specific security updates

Vendor Advisory: https://www.qualcomm.com/company/product-security/bulletins/may-2022-bulletin

Restart Required: Yes

Instructions:

1. Check with device manufacturer for security updates. 2. Apply latest firmware/OS updates. 3. Reboot device after patching.

🔧 Temporary Workarounds

Restrict local access

all

Limit physical and remote local access to vulnerable devices

🧯 If You Can't Patch

Isolate affected devices on segmented networks
Implement strict application allowlisting to prevent unauthorized code execution

🔍 How to Verify

Check if Vulnerable:

Check device chipset model and firmware version against Qualcomm's security bulletin

Check Version:

On Android: 'getprop ro.build.fingerprint' or check Settings > About Phone

Verify Fix Applied:

Verify firmware version has been updated to a version after May 2022 security patches

📡 Detection & Monitoring

Log Indicators:

Kernel panic logs
Unexpected process crashes
IOCTL munmap calls during process initialization

Network Indicators:

Unusual local privilege escalation attempts

SIEM Query:

Search for kernel panic events or unexpected process termination in system logs

📊 Metadata

CVE ID: CVE-2022-22071

CVSS v3 Score: 8.4 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-416

Published: June 14, 2022

Last Updated: October 28, 2025

🔗 References

https://www.qualcomm.com/company/product-security/bulletins/may-2022-bulletin Patch,Vendor Advisory
https://www.qualcomm.com/company/product-security/bulletins/may-2022-bulletin Patch,Vendor Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-22071 US Government Resource

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Apq8053 Firmware by Qualcomm

Ar8031 Firmware by Qualcomm

Ar8035 Firmware by Qualcomm

Csra6620 Firmware by Qualcomm

Csra6640 Firmware by Qualcomm

Mdm9150 Firmware by Qualcomm

Msm8953 Firmware by Qualcomm

Qca6174a Firmware by Qualcomm

Qca6390 Firmware by Qualcomm

Qca6391 Firmware by Qualcomm

Qca6426 Firmware by Qualcomm

Qca6436 Firmware by Qualcomm

Qca6574 Firmware by Qualcomm

Qca6574a Firmware by Qualcomm

Qca6574au Firmware by Qualcomm

Qca6595au Firmware by Qualcomm

Qca6696 Firmware by Qualcomm

Qca8081 Firmware by Qualcomm

Qca8337 Firmware by Qualcomm

Qca9377 Firmware by Qualcomm

Qcm2290 Firmware by Qualcomm

Qcm4290 Firmware by Qualcomm

Qcm6490 Firmware by Qualcomm

Qcs2290 Firmware by Qualcomm

Qcs405 Firmware by Qualcomm

Qcs410 Firmware by Qualcomm

Qcs4290 Firmware by Qualcomm

Qcs610 Firmware by Qualcomm

Qcs6490 Firmware by Qualcomm

Qrb5165 Firmware by Qualcomm

Qrb5165m Firmware by Qualcomm

Qrb5165n Firmware by Qualcomm

Qualcomm215 Firmware by Qualcomm

Sa6155p Firmware by Qualcomm

Sa8155p Firmware by Qualcomm

Sa8195p Firmware by Qualcomm

Sd439 Firmware by Qualcomm

Sd460 Firmware by Qualcomm

Sd480 Firmware by Qualcomm

Sd662 Firmware by Qualcomm

Sd680 Firmware by Qualcomm

Sd690 5g Firmware by Qualcomm

Sd695 Firmware by Qualcomm

Sd750g Firmware by Qualcomm

Sd765 Firmware by Qualcomm

Sd765g Firmware by Qualcomm

Sd768g Firmware by Qualcomm

Sd778g Firmware by Qualcomm

Sd780g Firmware by Qualcomm

Sd855 Firmware by Qualcomm

Sd865 5g Firmware by Qualcomm

Sd870 Firmware by Qualcomm

Sd888 5g Firmware by Qualcomm

Sdx12 Firmware by Qualcomm

Sdx55 Firmware by Qualcomm

Sdx55m Firmware by Qualcomm

Sdx65 Firmware by Qualcomm

Sdxr2 5g Firmware by Qualcomm

Sm4125 Firmware by Qualcomm

Sm7250p Firmware by Qualcomm

Sm7325p Firmware by Qualcomm

Wcd9326 Firmware by Qualcomm

Wcd9335 Firmware by Qualcomm

Wcd9341 Firmware by Qualcomm

Wcd9370 Firmware by Qualcomm

Wcd9375 Firmware by Qualcomm

Wcd9380 Firmware by Qualcomm

Wcd9385 Firmware by Qualcomm

Wcn3615 Firmware by Qualcomm

Wcn3660b Firmware by Qualcomm

Wcn3680b Firmware by Qualcomm

Wcn3910 Firmware by Qualcomm

Wcn3950 Firmware by Qualcomm

Wcn3980 Firmware by Qualcomm

Wcn3988 Firmware by Qualcomm

Wcn3991 Firmware by Qualcomm

Wcn3998 Firmware by Qualcomm