CVE-2022-25651

Q: What is the severity of CVE-2022-25651?

CVE-2022-25651 has a CVSS score of 9.8 (CRITICAL). This vulnerability allows remote attackers to execute arbitrary code or cause denial of service via memory corruption in Qualcomm Bluetooth chips. It affects devices using Snapdragon processors with Bluetooth HFP-UNIT profile enabled, including automotive, IoT, mobile, and voice/music products.

9.8 CRITICAL

Remote Code Execution Denial of Service

📋 TL;DR

This vulnerability allows remote attackers to execute arbitrary code or cause denial of service via memory corruption in Qualcomm Bluetooth chips. It affects devices using Snapdragon processors with Bluetooth HFP-UNIT profile enabled, including automotive, IoT, mobile, and voice/music products.

💻 Affected Systems

Products:

Snapdragon Auto
Snapdragon Consumer IoT
Snapdragon Industrial IoT
Snapdragon Mobile
Snapdragon Voice & Music

Versions: Specific chipset firmware versions prior to June 2022 patches

Operating Systems: Android, Linux-based embedded systems, Automotive OS

Default Config Vulnerable: ⚠️ Yes

Notes: Requires Bluetooth HFP-UNIT profile to be enabled (common in hands-free calling scenarios).

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete device compromise, data theft, or permanent device damage via memory corruption.

🟠

Likely Case

Denial of service (device crash/reboot) or limited code execution in Bluetooth stack context.

🟢

If Mitigated

No impact if Bluetooth is disabled or devices are patched with updated firmware.

🌐 Internet-Facing: MEDIUM - Requires Bluetooth proximity but no authentication, though internet exposure is limited to Bluetooth range.

🏢 Internal Only: HIGH - Within Bluetooth range, unauthenticated attackers can exploit without network access.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Exploitation requires Bluetooth proximity and knowledge of vulnerable devices, but no authentication is needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Firmware updates released in June 2022 security bulletins

Vendor Advisory: https://www.qualcomm.com/company/product-security/bulletins/june-2022-bulletin

Restart Required: Yes

Instructions:

1. Check device manufacturer for firmware updates. 2. Apply Qualcomm-provided patches through OEM channels. 3. Reboot device after update.

🔧 Temporary Workarounds

Disable Bluetooth HFP-UNIT profile

all

Disable Hands-Free Profile UNIT functionality to prevent exploitation vector

Device-specific Bluetooth configuration commands vary by manufacturer

Disable Bluetooth when not needed

linux

Turn off Bluetooth completely to eliminate attack surface

bluetoothctl power off
settings put global bluetooth_on 0

🧯 If You Can't Patch

Segment Bluetooth networks and limit device proximity to untrusted devices
Implement physical security controls to prevent unauthorized Bluetooth access

🔍 How to Verify

Check if Vulnerable:

Check device firmware version against Qualcomm June 2022 security bulletin. Use 'getprop ro.build.fingerprint' on Android or manufacturer-specific firmware check commands.

Check Version:

Device-specific: Android: 'getprop ro.build.version.security_patch', Linux: check /etc/os-release and firmware version

Verify Fix Applied:

Confirm firmware version includes June 2022 security patches. Verify Bluetooth functionality remains operational after patch.

📡 Detection & Monitoring

Log Indicators:

Bluetooth stack crashes
HFP-UNIT protocol anomalies
Memory corruption errors in system logs

Network Indicators:

Unusual Bluetooth HFP-UNIT traffic patterns
Malformed Bluetooth packets

SIEM Query:

source="bluetooth" AND (event="crash" OR event="memory_error" OR protocol="HFP-UNIT")

📊 Metadata

CVE ID: CVE-2022-25651

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-190

Published: June 14, 2022

Last Updated: November 21, 2024

🔗 References

https://www.qualcomm.com/company/product-security/bulletins/june-2022-bulletin Vendor Advisory
https://www.qualcomm.com/company/product-security/bulletins/june-2022-bulletin Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Apq8009 Firmware by Qualcomm

Apq8017 Firmware by Qualcomm

Apq8053 Firmware by Qualcomm

Apq8096au Firmware by Qualcomm

Ar8031 Firmware by Qualcomm

Csra6620 Firmware by Qualcomm

Csra6640 Firmware by Qualcomm

Csrb31024 Firmware by Qualcomm

Mdm9150 Firmware by Qualcomm

Mdm9250 Firmware by Qualcomm

Mdm9607 Firmware by Qualcomm

Mdm9626 Firmware by Qualcomm

Mdm9628 Firmware by Qualcomm

Mdm9640 Firmware by Qualcomm

Mdm9650 Firmware by Qualcomm

Qca4020 Firmware by Qualcomm

Qca6174a Firmware by Qualcomm

Qca6564a Firmware by Qualcomm

Qca6564au Firmware by Qualcomm

Qca6574 Firmware by Qualcomm

Qca6574a Firmware by Qualcomm

Qca6574au Firmware by Qualcomm

Qca6584 Firmware by Qualcomm

Qca6595 Firmware by Qualcomm

Qca6595au Firmware by Qualcomm

Qca6696 Firmware by Qualcomm

Qca9367 Firmware by Qualcomm

Qca9377 Firmware by Qualcomm

Qca9379 Firmware by Qualcomm

Qcs405 Firmware by Qualcomm

Sa415m Firmware by Qualcomm

Sa515m Firmware by Qualcomm

Sa6155 Firmware by Qualcomm

Sa6155p Firmware by Qualcomm

Sa8155 Firmware by Qualcomm

Sa8155p Firmware by Qualcomm

Sa8195p Firmware by Qualcomm

Sd820 Firmware by Qualcomm

Sdx20 Firmware by Qualcomm

Sdx55 Firmware by Qualcomm

Wcd9326 Firmware by Qualcomm

Wcd9335 Firmware by Qualcomm

Wcd9360 Firmware by Qualcomm

Wcn3610 Firmware by Qualcomm

Wcn3615 Firmware by Qualcomm

Wcn3660b Firmware by Qualcomm

Wcn3680b Firmware by Qualcomm

Wcn3980 Firmware by Qualcomm

Wcn3998 Firmware by Qualcomm

Wcn3999 Firmware by Qualcomm

Wsa8810 Firmware by Qualcomm

Wsa8815 Firmware by Qualcomm