CVE-2022-25668 Video driver memory corruption due to double free parsing ASF clips. Several Snapdragon processors affected.

There are certain cases where certain packets may be skipped when read from memory. These packets may contain important data which may be corrupted. This issue may be exploitable for remote code execution. This issue has been verified on the latest LineageOS 15.1 for the devices listed above. The latest stable release of LineageOS is recommended. You can install it from the below link. Updating the operating system and closing unneeded applications may help reduce the risk of exploitation.

Check LineageOS version to install

Check LineageOS version to install:

https://download.lineageos.org/16.0/MNRD-testing-release.zip

Android (Cortex-A) SDK

Remote Code Execution Vulnerability
A vulnerability in the Android (Cortex-A) SDK has been identified. This issue may be exploitable for remote code execution.

Check if you are vulnerable to CVE-2022 -25668

To check if your device is vulnerable to CVE-2022-25668, you can enter the following command in terminal. If it returns "y," then your device is vulnerable to this issue.

ls -la /dev/shm/ | grep "^-rwx------"

Check Current Operating System

The most recent stable release of LineageOS for the device is recommended. If you are using a custom ROM, be sure to check its security page for more information.

Timeline

Published on: 09/02/2022 12:15:00 UTC
Last modified on: 09/08/2022 03:09:00 UTC

References

• https://www.qualcomm.com/company/product-security/bulletins/august-2022-bulletin
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-25668