Qualcomm Multiple Chipsets Use-After-Free Vulnerability (CVE-2022-22071)

Multiple Qualcomm chipsets contain a use-after-free vulnerability when process shell memory is freed using IOCTL munmap call and process initialization is in progress.

Published Jun 14, 2022 · Updated May 17, 2026

Why patchRisk explained in plain English

Worst-case scenarioIf unpatched

A local attacker, without authentication, can achieve full data confidentiality loss, arbitrary modification of data, complete denial of service or system unavailability. Federal agencies are required to remediate by 2023-12-26 under CISA BOD 22-01.

How the attack worksNo clicks needed

This is a Use After Free (CWE-416) vulnerability in Qualcomm Multiple Chipsets. Possible use after free when process shell memory is freed using IOCTL munmap call and process initialization is in progress in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music Exploitation requires local access, low attack complexity, no authentication required, and no user interaction required.

Am I affected?Quick check

Probably yes if any of these apply:

●IT Security

●Running apq8053 firmware: -; ar8031 firmware: -; ar8035 firmware: -; csra6620 firmware: -; csra6640 firmware: -; mdm9150 firmware: -; msm8953 firmware: -; qca6174a firmware: -; qca6390 firmware: -; qca6391 firmware: -; qca6426 firmware: -; qca6436 firmware: -; qca6574 firmware: -; qca6574a firmware: -; qca6574au firmware: -; qca6595au firmware: -; qca6696 firmware: -; qca8081 firmware: -; qca8337 firmware: -; qca9377 firmware: -; qcm2290 firmware: -; qcm4290 firmware: -; qcm6490 firmware: -; qcs2290 firmware: -; qcs405 firmware: -; qcs410 firmware: -; qcs4290 firmware: -; qcs610 firmware: -; qcs6490 firmware: -; qrb5165 firmware: -; qrb5165m firmware: -; qrb5165n firmware: -; qualcomm215 firmware: -; sa6155p firmware: -; sa8155p firmware: -; sa8195p firmware: -; sd439 firmware: -; sd460 firmware: -; sd480 firmware: -; sd662 firmware: -; sd680 firmware: -; sd690 5g firmware: -; sd695 firmware: -; sd750g firmware: -; sd765 firmware: -; sd765g firmware: -; sd768g firmware: -; sd778g firmware: -; sd780g firmware: -; sd855 firmware: -; sd865 5g firmware: -; sd870 firmware: -; sd888 5g firmware: -; sdx12 firmware: -; sdx55 firmware: -; sdx55m firmware: -; sdx65 firmware: -; sdxr2 5g firmware: -; sm4125 firmware: -; sm7250p firmware: -; sm7325p firmware: -; wcd9326 firmware: -; wcd9335 firmware: -; wcd9341 firmware: -; wcd9370 firmware: -; wcd9375 firmware: -; wcd9380 firmware: -; wcd9385 firmware: -; wcn3615 firmware: -; wcn3660b firmware: -; wcn3680b firmware: -; wcn3910 firmware: -; wcn3950 firmware: -; wcn3980 firmware: -; wcn3988 firmware: -; wcn3991 firmware: -; wcn3998 firmware: -; wcn3999 firmware: -; wcn6740 firmware: -; wcn6750 firmware: -; wcn6850 firmware: -; wcn6851 firmware: -; wcn6855 firmware: -; wcn6856 firmware: -; wcn7850 firmware: -; wcn7851 firmware: -; wsa8810 firmware: -; wsa8815 firmware: -; wsa8830 firmware: -; wsa8835 firmware: -

Real-world incidentsWhat we've seen

CISA added this CVE to the Known Exploited Vulnerabilities catalog on 2023-12-05 based on evidence of active exploitation in the wild. Federal agencies required to remediate by 2023-12-26.

How to patch

Manual remediation steps

Identify affected hosts: query inventory for general installs in scope.

Apply the vendor security update referenced in CVE-2022-22071's advisory. No specific KB/version is encoded yet — consult the linked MSRC/vendor URL.

Verify the fix per the vendor's published verification steps.

Document the remediation in your change ticket and re-scan with your vulnerability scanner to confirm closure.

PowerShell automationComing soon

No tested PowerShell script for this entry yet. We’re prioritising automation based on user demand.

References

↗ CVE-2022-22071 ↗ MSRC Advisory ↗ NVD ↗ Vendor Advisory