CVE-2022-33223 – This vulnerability allows attackers to cause a ... (How to Fix)

Q: What is the severity of CVE-2022-33223?

CVE-2022-33223 has a CVSS score of 7.5 (HIGH). This vulnerability allows attackers to cause a denial-of-service (DoS) condition in Qualcomm modems by sending specially crafted HTTP packets with chunked encoding. The null pointer dereference causes the modem to crash, disrupting cellular connectivity. This affects devices using vulnerable Qualcomm modem chipsets.

📋 TL;DR

This vulnerability allows attackers to cause a denial-of-service (DoS) condition in Qualcomm modems by sending specially crafted HTTP packets with chunked encoding. The null pointer dereference causes the modem to crash, disrupting cellular connectivity. This affects devices using vulnerable Qualcomm modem chipsets.

💻 Affected Systems

Products:

Qualcomm modem chipsets

Versions: Specific affected versions not publicly detailed in bulletin

Operating Systems: Android and other mobile OS using Qualcomm modems

Default Config Vulnerable: ⚠️ Yes

Notes: Affects devices with vulnerable Qualcomm modem firmware. Exact chipset models not specified in public bulletin.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Permanent modem failure requiring hardware replacement or persistent service disruption until device reboot

🟠

Likely Case

Temporary loss of cellular connectivity until modem reboots automatically or device is restarted

🟢

If Mitigated

Minimal impact with proper network filtering and updated firmware

🌐 Internet-Facing: MEDIUM - Requires sending specially crafted packets to vulnerable modem, but cellular interfaces are typically exposed

🏢 Internal Only: LOW - Requires access to cellular network or local modem interface

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Requires sending specially crafted HTTP packets to modem interface. No public exploit code available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Refer to April 2023 Qualcomm security bulletin for specific patched versions

Vendor Advisory: https://www.qualcomm.com/company/product-security/bulletins/april-2023-bulletin

Restart Required: Yes

Instructions:

1. Check device manufacturer for firmware updates 2. Apply Qualcomm modem firmware update 3. Reboot device to activate new firmware

🔧 Temporary Workarounds

Network filtering

all

Filter HTTP traffic with chunked encoding at network perimeter

Disable vulnerable services

all

Disable HTTP services on modem interfaces if not required

🧯 If You Can't Patch

Implement network monitoring for abnormal HTTP chunked encoding patterns
Isolate vulnerable devices from untrusted networks

🔍 How to Verify

Check if Vulnerable:

Check modem firmware version against Qualcomm security bulletin

Check Version:

Device-specific commands vary by manufacturer (e.g., Android: Settings > About phone > Baseband version)

Verify Fix Applied:

Verify modem firmware version matches patched version from bulletin

📡 Detection & Monitoring

Log Indicators:

Modem crash logs
Unexpected modem resets
HTTP parsing errors

Network Indicators:

Abnormal HTTP chunked encoding patterns
Modem disconnection events

SIEM Query:

search 'modem crash' OR 'baseband crash' OR 'HTTP chunked encoding error'

📊 Metadata

CVE ID: CVE-2022-33223

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-476

Published: April 13, 2023

Last Updated: November 21, 2024

🔗 References

https://www.qualcomm.com/company/product-security/bulletins/april-2023-bulletin Vendor Advisory
https://www.qualcomm.com/company/product-security/bulletins/april-2023-bulletin Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2022-33223, you might also want to check these:

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Mdm8207 Firmware by Qualcomm

Mdm9205 Firmware by Qualcomm

Mdm9206 Firmware by Qualcomm

Mdm9207 Firmware by Qualcomm

Qca4004 Firmware by Qualcomm

Qts110 Firmware by Qualcomm

Snapdragon Wear 1100 Firmware by Qualcomm

Snapdragon Wear 1200 Firmware by Qualcomm

Snapdragon Wear 1300 Firmware by Qualcomm

Snapdragon X5 Lte Modem Firmware by Qualcomm

Wcd9306 Firmware by Qualcomm

Wcd9330 Firmware by Qualcomm