CVE-2022-25735

Q: What is the severity of CVE-2022-25735?

CVE-2022-25735 has a CVSS score of 7.5 (HIGH). CVE-2022-25735 is a denial-of-service vulnerability in Qualcomm modems where missing null pointer checks when processing TCP/UDP packets can cause crashes. This affects devices using vulnerable Qualcomm modem chipsets, primarily mobile devices and IoT equipment. Attackers can send specially crafted network packets to trigger the vulnerability.

7.5 HIGH

Denial of Service

📋 TL;DR

CVE-2022-25735 is a denial-of-service vulnerability in Qualcomm modems where missing null pointer checks when processing TCP/UDP packets can cause crashes. This affects devices using vulnerable Qualcomm modem chipsets, primarily mobile devices and IoT equipment. Attackers can send specially crafted network packets to trigger the vulnerability.

💻 Affected Systems

Products:

Qualcomm modem chipsets
Devices using affected Qualcomm modems

Versions: Specific affected versions not publicly detailed in advisory

Operating Systems: Android, Embedded systems using Qualcomm modems

Default Config Vulnerable: ⚠️ Yes

Notes: Affects devices with vulnerable Qualcomm modem firmware; exact device models depend on OEM implementation.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete modem crash requiring device reboot, disrupting all cellular connectivity including emergency calls and location services.

🟠

Likely Case

Temporary loss of cellular data/voice connectivity until modem resets, causing service disruption.

🟢

If Mitigated

Minimal impact with proper network filtering and updated firmware preventing exploitation.

🌐 Internet-Facing: MEDIUM - Requires sending packets to vulnerable modem interfaces, but cellular networks provide some inherent filtering.

🏢 Internal Only: LOW - Typically requires cellular network access rather than internal network access.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Exploitation requires sending specially crafted TCP/UDP packets to vulnerable modem interfaces.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Refer to Qualcomm February 2023 security bulletin for specific patched versions

Vendor Advisory: https://www.qualcomm.com/company/product-security/bulletins/february-2023-bulletin

Restart Required: Yes

Instructions:

1. Check device manufacturer for security updates. 2. Apply Qualcomm modem firmware updates. 3. Reboot device after update. 4. Verify patch through version checking.

🔧 Temporary Workarounds

Network Traffic Filtering

all

Implement network filtering to block suspicious TCP/UDP packets targeting modem interfaces

🧯 If You Can't Patch

Implement strict network segmentation to isolate vulnerable devices
Deploy intrusion detection systems to monitor for DoS attempts against modem interfaces

🔍 How to Verify

Check if Vulnerable:

Check device modem firmware version against Qualcomm's patched versions in February 2023 bulletin

Check Version:

Device-specific commands vary by manufacturer; typically in device settings or diagnostic menus

Verify Fix Applied:

Verify modem firmware has been updated to versions listed in Qualcomm's security bulletin

📡 Detection & Monitoring

Log Indicators:

Modem crash logs
Unexpected modem resets
Cellular connectivity loss events

Network Indicators:

Unusual TCP/UDP packets targeting modem ports
Patterns of packets causing modem instability

SIEM Query:

Search for modem crash events OR cellular interface resets within short timeframes

📊 Metadata

CVE ID: CVE-2022-25735

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-476

Published: February 12, 2023

Last Updated: November 21, 2024

🔗 References

https://www.qualcomm.com/company/product-security/bulletins/february-2023-bulletin Vendor Advisory
https://www.qualcomm.com/company/product-security/bulletins/february-2023-bulletin Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Ar8031 Firmware by Qualcomm

Csra6620 Firmware by Qualcomm

Csra6640 Firmware by Qualcomm

Mdm8207 Firmware by Qualcomm

Mdm9205 Firmware by Qualcomm

Mdm9206 Firmware by Qualcomm

Mdm9207 Firmware by Qualcomm

Mdm9607 Firmware by Qualcomm

Qca4004 Firmware by Qualcomm

Qca4020 Firmware by Qualcomm

Qca4024 Firmware by Qualcomm

Qcs405 Firmware by Qualcomm

Qts110 Firmware by Qualcomm

Ssg2115p Firmware by Qualcomm

Ssg2125p Firmware by Qualcomm

Sxr1230p Firmware by Qualcomm

Sxr2230p Firmware by Qualcomm

Wcd9306 Firmware by Qualcomm

Wcd9330 Firmware by Qualcomm

Wcd9335 Firmware by Qualcomm

Wcd9380 Firmware by Qualcomm

Wcd9385 Firmware by Qualcomm

Wcn3980 Firmware by Qualcomm

Wcn3998 Firmware by Qualcomm

Wcn3999 Firmware by Qualcomm

Wcn6855 Firmware by Qualcomm

Wcn6856 Firmware by Qualcomm

Wcn7850 Firmware by Qualcomm

Wcn7851 Firmware by Qualcomm

Wsa8810 Firmware by Qualcomm

Wsa8815 Firmware by Qualcomm

Wsa8830 Firmware by Qualcomm

Wsa8832 Firmware by Qualcomm

Wsa8835 Firmware by Qualcomm