CVE-2022-33264
📋 TL;DR
CVE-2022-33264 is a stack-based buffer overflow vulnerability in Qualcomm modem firmware that allows memory corruption when parsing OTASP Key Generation Request Messages. Successful exploitation could allow remote code execution on affected devices. This affects mobile devices and IoT products using vulnerable Qualcomm modem chipsets.
💻 Affected Systems
- Qualcomm modem chipsets and devices using them
📦 What is this software?
Smart Audio 200 Platform Firmware by Qualcomm
Smart Audio 400 Platform Firmware by Qualcomm
Snapdragon 1100 Wearable Platform Firmware by Qualcomm
Snapdragon 208 Processor Firmware by Qualcomm
Snapdragon 210 Processor Firmware by Qualcomm
Snapdragon 212 Mobile Platform Firmware by Qualcomm
Snapdragon 425 Mobile Platform Firmware by Qualcomm
Snapdragon 427 Mobile Platform Firmware by Qualcomm
Snapdragon 430 Mobile Platform Firmware by Qualcomm
Snapdragon 435 Mobile Platform Firmware by Qualcomm
Snapdragon 625 Mobile Platform Firmware by Qualcomm
Snapdragon 630 Mobile Platform Firmware by Qualcomm
Snapdragon 632 Mobile Platform Firmware by Qualcomm
Snapdragon 636 Mobile Platform Firmware by Qualcomm
Snapdragon 662 Mobile Platform Firmware by Qualcomm
Snapdragon 675 Mobile Platform Firmware by Qualcomm
Snapdragon 7c+ Gen 3 Compute Firmware by Qualcomm
Snapdragon 820 Automotive Platform Firmware by Qualcomm
Snapdragon 835 Mobile PC Platform Firmware by Qualcomm
Snapdragon 850 Mobile Compute Platform Firmware by Qualcomm
Snapdragon Auto 4G Modem Firmware by Qualcomm
Snapdragon Auto 5G Modem RF Firmware by Qualcomm
Snapdragon W5+ Gen 1 Wearable Platform Firmware by Qualcomm
Snapdragon Wear 2100 Platform Firmware by Qualcomm
Snapdragon Wear 2500 Platform Firmware by Qualcomm
Snapdragon Wear 3100 Platform Firmware by Qualcomm
Snapdragon Wear 4100+ Platform Firmware by Qualcomm
Snapdragon X12 LTE Modem Firmware by Qualcomm
Snapdragon X20 LTE Modem Firmware by Qualcomm
Snapdragon X24 LTE Modem Firmware by Qualcomm
Snapdragon X5 LTE Modem Firmware by Qualcomm
Snapdragon X50 5G Modem RF System Firmware by Qualcomm
Snapdragon X55 5G Modem RF System Firmware by Qualcomm
Snapdragon X65 5G Modem RF System Firmware by Qualcomm
Snapdragon X70 Modem RF System Firmware by Qualcomm
Snapdragon XR1 Platform Firmware by Qualcomm
Snapdragon XR2 5G Platform Firmware by Qualcomm
Vision Intelligence 300 Platform Firmware by Qualcomm
⚠️ Risk & Real-World Impact
Worst Case
Remote attacker gains full control of modem processor, potentially enabling persistent compromise, interception of communications, or device bricking.
Likely Case
Remote code execution on modem subsystem leading to service disruption, data interception, or device instability.
If Mitigated
Denial of service through modem crash requiring device reboot.
🎯 Exploit Status
Exploitation requires sending specially crafted OTASP messages over cellular network. No public exploit code available.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Patched in June 2023 security updates
Vendor Advisory: https://www.qualcomm.com/company/product-security/bulletins/june-2023-bulletin
Restart Required: Yes
Instructions:
1. Check with device manufacturer for security updates.
2. Apply latest firmware/OS updates.
3. Reboot device after update.
🔧 Temporary Workarounds
Disable OTASP if possible
Disable Over-The-Air Service Provisioning if not required
🧯 If You Can't Patch
- Isolate affected devices from untrusted cellular networks if possible
- Monitor for unusual modem behavior or crashes
🔍 How to Verify
Check if Vulnerable:
Check device security patch level - devices with June 2023 or later patches should be protected.
Check Version:
On Android: Settings > About phone > Android security patch level
Verify Fix Applied:
Verify device has June 2023 or later security patch level installed.
📡 Detection & Monitoring
Log Indicators:
- Modem crash logs
- Unexpected modem resets
- OTASP protocol anomalies
Network Indicators:
- Unusual OTASP traffic patterns
- Malformed cellular protocol messages
SIEM Query:
Not applicable - detection primarily at modem firmware level