Skip to main content

CVE-2022-25679: Improper Access Control in Video in Qualcomm, Inc. Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables

Medium
Published: Tue Nov 15 2022 (11/15/2022, 00:00:00 UTC)
Source: CVE
Vendor/Project: Qualcomm, Inc.
Product: Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables

Description

Denial of service in video due to improper access control in broadcast receivers in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables

AI-Powered Analysis

AILast updated: 06/21/2025, 19:51:22 UTC

Technical Analysis

CVE-2022-25679 is a medium-severity vulnerability affecting a broad range of Qualcomm Snapdragon platforms, including Snapdragon Compute, Consumer IoT, Industrial IoT, Mobile, and Wearables. The root cause is improper access control in the broadcast receivers related to video processing components. Specifically, the vulnerability allows unauthorized entities to trigger a denial of service (DoS) condition by exploiting weaknesses in the access control mechanisms governing video broadcast receivers. This can lead to the video subsystem becoming unresponsive or crashing, impacting device availability. The affected Snapdragon platforms span multiple chipsets such as SD 675, SD 8 Gen1 5G, SD865 5G, SD888 5G, and various wireless connectivity modules (e.g., WCN series). The vulnerability is categorized under CWE-284 (Improper Access Control), indicating that the system fails to properly restrict access to sensitive functions or resources. No known exploits have been reported in the wild, and Qualcomm has not yet published patches for this issue. The vulnerability does not require user interaction or authentication, increasing the risk of exploitation if an attacker can access the affected broadcast receivers. The impact is primarily denial of service, which affects availability but does not directly compromise confidentiality or integrity. Given the wide deployment of Snapdragon chipsets in mobile devices, IoT devices, and wearables, this vulnerability has a broad attack surface. However, exploitation requires access to the video broadcast receiver interfaces, which may be limited by device-specific security controls and usage contexts.

Potential Impact

For European organizations, the impact of CVE-2022-25679 can be significant, especially for those relying on devices powered by affected Snapdragon chipsets. Enterprises using mobile devices, IoT sensors, or wearables with these chipsets may experience service disruptions due to denial of service conditions triggered by this vulnerability. This can affect operational continuity, particularly in sectors such as manufacturing (Industrial IoT), healthcare (wearables and consumer IoT), and telecommunications. The DoS condition could lead to temporary loss of video functionality, impacting video conferencing, surveillance, or monitoring systems. While the vulnerability does not directly expose sensitive data or allow privilege escalation, the availability impact can indirectly affect business processes and user productivity. Additionally, denial of service in critical IoT or industrial environments could have safety or operational repercussions. The lack of known exploits and patches reduces immediate risk but also underscores the need for proactive mitigation. Organizations should assess their device inventories for affected chipsets and consider the criticality of video-dependent functions in their environments.

Mitigation Recommendations

1. Inventory and Identification: Conduct a thorough inventory of all devices using Qualcomm Snapdragon chipsets listed as affected, including mobile phones, IoT devices, and wearables. 2. Vendor Coordination: Engage with device manufacturers and Qualcomm to obtain firmware or software updates addressing this vulnerability as they become available. 3. Network Segmentation: Isolate critical IoT and industrial devices from untrusted networks to limit exposure to potential attackers who might exploit the broadcast receiver interfaces. 4. Access Control Hardening: Implement strict access controls and monitoring on device management interfaces and communication channels to prevent unauthorized access to video broadcast receivers. 5. Monitoring and Anomaly Detection: Deploy monitoring solutions to detect unusual device behavior or repeated crashes indicative of denial of service attempts. 6. Device Replacement Planning: For critical systems where patching is delayed or unavailable, plan for device replacement or temporary mitigation strategies to maintain operational continuity. 7. User Awareness: Educate users and administrators about the potential for denial of service impacts and encourage prompt reporting of device malfunctions related to video services. These steps go beyond generic advice by focusing on device-specific inventory, vendor engagement, and network-level protections tailored to the affected Snapdragon platforms.

Need more detailed analysis?Get Pro

Technical Details

Data Version
5.1
Assigner Short Name
qualcomm
Date Reserved
2022-02-22T00:00:00.000Z
Cisa Enriched
true

Threat ID: 682d9849c4522896dcbf6fb6

Added to database: 5/21/2025, 9:09:29 AM

Last enriched: 6/21/2025, 7:51:22 PM

Last updated: 8/14/2025, 8:49:35 AM

Views: 10

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats