发布日期：2023-01-09
更新日期：2023-04-06

受影响系统：

Qualcomm chipsets WSA8815
Qualcomm chipsets WSA8810
Qualcomm chipsets WCN3998
Qualcomm chipsets WCN3990
Qualcomm chipsets WCN3980
Qualcomm chipsets WCN3950
Qualcomm chipsets WCN3680B
Qualcomm chipsets WCN3660B
Qualcomm chipsets WCN3620
Qualcomm chipsets WCN3610
Qualcomm chipsets WCD9370
Qualcomm chipsets WCD9341
Qualcomm chipsets WCD9340
Qualcomm chipsets WCD9335
Qualcomm chipsets WCD9326
Qualcomm chipsets SDX55
Qualcomm chipsets SDM429W
Qualcomm chipsets SDA429W
Qualcomm chipsets SD855
Qualcomm chipsets SD835
Qualcomm chipsets SD429
Qualcomm chipsets SD210
Qualcomm chipsets SD205
Qualcomm chipsets SA8155P
Qualcomm chipsets SA515M
Qualcomm chipsets Qualcomm215
Qualcomm chipsets QCS8155
Qualcomm chipsets QCS610
Qualcomm chipsets QCS410
Qualcomm chipsets QCA8337
Qualcomm chipsets QCA6574AU
Qualcomm chipsets QCA6574A
Qualcomm chipsets QCA6564AU
Qualcomm chipsets QCA6564A
Qualcomm chipsets QCA6430
Qualcomm chipsets QCA6420
Qualcomm chipsets QCA6391
Qualcomm chipsets MSM8996AU
Qualcomm chipsets MDM9650
Qualcomm chipsets MDM9250
Qualcomm chipsets MDM9150
Qualcomm chipsets AQT1000
Qualcomm chipsets APQ8096AU

描述：

---

CVE(CAN) ID: CVE-2022-25717

Qualcomm芯片是美国高通（Qualcomm）公司的芯片，一种将电路（主要包括半导体设备，也包括被动组件等）小型化的方式，并时常制造在半导体晶圆表面上。
Qualcomm多款产品在配置帧缓冲内存时存在越界读取漏洞，攻击者可利用该漏洞导致Display内存损坏。

<*来源：Nicolas
  
  链接：https://docs.qualcomm.com/product/publicresources/securitybulletin/january-2023-bulletin.html
*>

建议：

---

厂商补丁：

Qualcomm
--------
Qualcomm已经为此发布了一个安全公告（CVE-2022-25717）以及相应补丁:
CVE-2022-25717：Use-After-Free Issue in Display
链接：https://docs.qualcomm.com/product/publicresources/securitybulletin/january-2023-bulletin.html

浏览次数：402
严重程度：0（网友投票）