CVE-2022-22071
published 2022-06-14

CVE-2022-22071: Possible use after free when process shell memory is freed using IOCTL munmap call and process initialization is in progress in Snapdragon Auto, Snapdragon…

Priority: P181, high, 7.8 (CVSS 3.1)
Vector: AV:L / AC:L / PR:L / UI:N / S:U / C:H / I:H / A:H
KEV: CISA Known Exploited Vulnerability, due 2023-12-26
ITW: Exploited in the wild
EPSS: 0.45% (35.9th percentile)
Possible use after free when process shell memory is freed using IOCTL munmap call and process initialization is in progress in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music

Detection & IOCs (extracted from sources)

  • Vulnerability is triggered via IOCTL munmap call while process initialization is in progress, leading to a use-after-free condition in process shell memory handling on Qualcomm chipsets
  • Patch reference commit available for kernel/msm-5.4; defenders can diff this commit to identify the vulnerable code path and build kernel-level detections or verify patch status
  • This vulnerability affects a common open-source component, third-party library, or a protocol used by different products; patching status varies by vendor and device — check with specific vendors for remediation availability
  • Affected scope is broad, spanning Snapdragon Auto, Compute, Connectivity, Consumer IOT, Industrial IOT, Mobile, and Voice & Music product lines — detection and patching efforts must account for all applicable chipset families

CVSS provenance

nvd (v3.1): 7.8 HIGH, CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd (v2.0): 7.2 HIGH, AV:L/AC:L/Au:N/C:C/I:C/A:C
vulncheck: 8.4 HIGH
cisa: 7.8 HIGH