CVE-2022-25728

8.2 HIGH

📋 TL;DR

CVE-2022-25728 is a buffer over-read vulnerability in Qualcomm modem firmware that allows information disclosure when processing DNS server responses. Attackers can read adjacent memory contents, potentially exposing sensitive data. This affects devices using vulnerable Qualcomm modem chipsets.

💻 Affected Systems

Products:
  • Qualcomm modem chipsets (specific models not publicly detailed)
Versions: Multiple Qualcomm modem firmware versions prior to February 2023 patches
Operating Systems: Android and other mobile OS using Qualcomm modems
Default Config Vulnerable: ⚠️ Yes
Notes: Affects mobile devices, IoT devices, and other products using vulnerable Qualcomm modem chipsets. Exact device models not specified in public advisory.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete modem memory dump exposing encryption keys, IMSI/IMEI identifiers, location data, and other sensitive telecommunication information

🟠 Likely Case: Limited information disclosure of adjacent memory buffers containing network configuration data or partial identifiers

🟢 If Mitigated: No data exposure if patched or with proper network segmentation preventing DNS manipulation

🌐 Internet-Facing: MEDIUM - Requires DNS response manipulation which could be achieved via man-in-the-middle attacks or malicious DNS servers
🏢 Internal Only: LOW - Typically requires local network access or compromised internal DNS infrastructure

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires ability to manipulate DNS responses to target device, either through network position or DNS server compromise

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Qualcomm modem firmware updates released February 2023

Vendor Advisory: https://www.qualcomm.com/company/product-security/bulletins/february-2023-bulletin

Restart Required: Yes

Instructions:

1. Check with device manufacturer for firmware updates.
2. Apply Qualcomm modem firmware patches.
3. Reboot device to activate new firmware.

🔧 Temporary Workarounds

DNS Security Controls

all

Implement DNSSEC and use trusted DNS servers to prevent DNS response manipulation

Network Segmentation

all

Isolate vulnerable devices from untrusted networks and implement strict firewall rules

🧯 If You Can't Patch

  • Segment vulnerable devices on isolated network segments with restricted DNS access
  • Monitor for unusual DNS traffic patterns and implement DNS filtering solutions

🔍 How to Verify

Check if Vulnerable:

Check device firmware version against manufacturer's security bulletin. No public vulnerability scanner available.

Check Version:

Device-specific commands vary by manufacturer. Typically in Settings > About Phone > Baseband Version

Verify Fix Applied:

Verify modem firmware has been updated to post-February 2023 versions via device settings or manufacturer tools

📡 Detection & Monitoring

Log Indicators:

  • Unusual DNS response sizes or patterns in modem logs
  • Modem crash or restart events

Network Indicators:

  • Abnormal DNS traffic to mobile devices
  • Unexpected large DNS responses

SIEM Query:

DNS response size > [threshold] AND destination in mobile_device_network
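
The size and pattern indicators above can be checked per packet. This is an added example, not code from the vendor advisory or from Qualcomm: it flags DNS payloads that are oversized or whose length fields point outside the message. The 512-byte threshold, the function names and the sample payloads are assumptions, and because the exact malformed field behind this CVE is not published here, the check covers generic length inconsistencies only.

```python
import struct

SIZE_THRESHOLD = 512  # assumed alert threshold (classic non-EDNS0 UDP DNS limit)

def _skip_name(msg, off):
    """Return the offset just past the name at `off`; raise ValueError if malformed."""
    while True:
        if off >= len(msg):
            raise ValueError("name runs past end of message")
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:  # two-byte compression pointer ends the name
            if off + 2 > len(msg):
                raise ValueError("truncated compression pointer")
            if struct.unpack_from("!H", msg, off)[0] & 0x3FFF >= off:
                raise ValueError("compression pointer does not point backwards")
            return off + 2
        if length & 0xC0:
            raise ValueError("reserved label type")
        off += 1 + length  # ordinary label: length byte plus its characters

def inspect_dns_response(msg, threshold=SIZE_THRESHOLD):
    """Return a list of findings for one DNS payload; an empty list means clean."""
    findings = ["oversized"] if len(msg) > threshold else []
    if len(msg) < 12:
        return findings + ["malformed: truncated header"]
    qd, an, ns, ar = struct.unpack_from("!4H", msg, 4)  # section record counts
    off = 12
    try:
        for _ in range(qd):
            off = _skip_name(msg, off) + 4  # QTYPE and QCLASS
            if off > len(msg):
                raise ValueError("question runs past end of message")
        for _ in range(an + ns + ar):
            off = _skip_name(msg, off)
            if off + 10 > len(msg):
                raise ValueError("record header runs past end of message")
            off += 10 + struct.unpack_from("!H", msg, off + 8)[0]  # RDLENGTH
            if off > len(msg):
                raise ValueError("RDLENGTH exceeds remaining bytes")
    except ValueError as exc:
        findings.append("malformed: " + str(exc))
    return findings

# Constructed sample payloads (not captured traffic): one well-formed A answer,
# and the same answer claiming 64 bytes of RDATA while carrying only 4.
HEAD = struct.pack("!6H", 0x1234, 0x8180, 1, 1, 0, 0) + b"\x07example\x03com\x00" + struct.pack("!2H", 1, 1)
GOOD = HEAD + b"\xc0\x0c" + struct.pack("!2HIH", 1, 1, 60, 4) + bytes([192, 0, 2, 1])
BAD = HEAD + b"\xc0\x0c" + struct.pack("!2HIH", 1, 1, 60, 64) + bytes([192, 0, 2, 1])
```

Run it over UDP port 53 payloads destined for the mobile device network; any non-empty result is a candidate for the SIEM rule above.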
