CVE-2022-33214 Display corruption due to time-of-check time-of-use metadata reserved size in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, and Snapdragon Wearables.

Memory corruption in display due to time-of-check time-of-use of metadata reserved size in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables May lead to unresponsiveness of the device, display corruption, slow responsiveness of UI, slow app loading, display freezing, app crashes, device hang, etc. This can be avoided by using the following steps: Avoid using reserved size less than 1024 bytes. Avoid using reserved size greater than 4096 bytes. Do not specify time-of-check greater than or equal to the time-of-use. Avoid using multiple times in the same file. Avoid specifying time-of-check greater than the time-of-use. Avoid using reserved size greater than 4096 bytes. Avoid specifying time-of-check greater than or equal to the time-of-use. Avoid using multiple times in the same file. Avoid specifying time-of-check greater than the time-of-use.

Solution: Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT

, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables

A vulnerability in the Qualcomm® Snapdragon™ Auto, Compute, Consumer IOT, Industrial IOT and Wearables drivers can lead to memory corruption in display due to time-of-check time-of-use of metadata reserved size. This can be avoided by using the following steps: avoid using reserved size less than 1024 bytes; avoid using reserved size greater than 4096 bytes; avoid specifying time-of-check greater than or equal to the time-of-use; avoid using multiple times in the same file; avoid specifying time-of-check greater than the time-of-use.

How to check if your device is affected by CVE-2022-33214?

Affected devices may not be responsive, experience slow UI performance, or display freezing. To check if your device is affected by CVE-2022-33214:
1. Go to the Android Device Manager
2. Check the “Status” column of any device listed in the Google Play app on your phone or tablet.
3. If the system partition is affected by this vulnerability as a result of a time-of-check time-of-use violation, you will see “System integrity compromised” listed in the Status column.

How to check if your device is vulnerable?

The following methods may help you to check if your device is vulnerable. If so, you need to take the corresponding steps listed in 1-7 to avoid the vulnerability.
1) Identify your device model
2) Use a tool like https://www.qualcomm.com/products/snapdragon-security-reports/
3) Check CPU details (look at the "SAFE BOOT" line)
4) Check GPU details (look at the "SAFE BOOT" line)
5) Check GPU details and also look for any DSPs or DSP cores (look at the "ABORT API" line for each DSP or DSP core and compare with your CPU details).
6) Check CPU details again and look for any "HIBERNATE" lines.
7) Try to boot into Recovery Mode and check if the issue still exists in Recovery Mode

Timeline

Published on: 10/19/2022 11:15:00 UTC
Last modified on: 10/20/2022 19:18:00 UTC

References

• https://www.qualcomm.com/company/product-security/bulletins/october-2022-bulletin
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-33214