CVE-2022-33272

Q: What is the severity of CVE-2022-33272?

CVE-2022-33272 has a CVSS score of 7.5 (HIGH). CVE-2022-33272 is a reachable assertion vulnerability in Qualcomm modem firmware that can cause a denial of service (DoS) condition. When exploited, it triggers a modem crash requiring device reboot. This affects mobile devices and IoT products using vulnerable Qualcomm chipsets.

7.5 HIGH

Denial of Service

📋 TL;DR

CVE-2022-33272 is a reachable assertion vulnerability in Qualcomm modem firmware that can cause a denial of service (DoS) condition. When exploited, it triggers a modem crash requiring device reboot. This affects mobile devices and IoT products using vulnerable Qualcomm chipsets.

💻 Affected Systems

Products:

Qualcomm Snapdragon mobile platforms
Qualcomm IoT chipsets

Versions: Specific firmware versions not publicly detailed in bulletin

Operating Systems: Android, Embedded Linux, RTOS-based systems

Default Config Vulnerable: ⚠️ Yes

Notes: Affects devices with vulnerable Qualcomm modem firmware; exact chipset models not specified in public bulletin.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Permanent modem failure requiring hardware replacement, complete loss of cellular connectivity.

🟠

Likely Case

Temporary modem crash causing loss of cellular service until device reboot.

🟢

If Mitigated

Minimal impact with proper network segmentation and monitoring.

🌐 Internet-Facing: MEDIUM - Requires proximity or network access to cellular interface.

🏢 Internal Only: LOW - Typically requires physical access or compromised baseband access.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: HIGH

Exploitation requires specialized knowledge of modem firmware and access to cellular/baseband interface.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Refer to device manufacturer updates

Vendor Advisory: https://www.qualcomm.com/company/product-security/bulletins/march-2023-bulletin

Restart Required: Yes

Instructions:

1. Check with device manufacturer for firmware updates. 2. Apply modem firmware patch from OEM. 3. Reboot device to activate new firmware.

🔧 Temporary Workarounds

Network segmentation

all

Isolate vulnerable devices from untrusted networks

Disable unnecessary cellular features

all

Reduce attack surface by disabling unused modem functions

🧯 If You Can't Patch

Implement strict network access controls to modem interfaces
Monitor for modem crash events and implement automated alerting

🔍 How to Verify

Check if Vulnerable:

Check device firmware version against manufacturer security bulletins

Check Version:

Device-specific commands vary by manufacturer (e.g., Android: getprop ro.build.version.baseband)

Verify Fix Applied:

Verify modem firmware version has been updated to patched release

📡 Detection & Monitoring

Log Indicators:

Modem crash logs
Baseband processor reset events
Unexpected modem reboots

Network Indicators:

Abnormal cellular protocol traffic
Modem disconnection patterns

SIEM Query:

source="modem_logs" AND (event="crash" OR event="assertion_failure")

📊 Metadata

CVE ID: CVE-2022-33272

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-617

Published: March 10, 2023

Last Updated: November 21, 2024

🔗 References

https://www.qualcomm.com/company/product-security/bulletins/march-2023-bulletin Vendor Advisory
https://www.qualcomm.com/company/product-security/bulletins/march-2023-bulletin Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Ar8035 Firmware by Qualcomm

Qca6390 Firmware by Qualcomm

Qca6391 Firmware by Qualcomm

Qca8081 Firmware by Qualcomm

Qca8337 Firmware by Qualcomm

Qcm6490 Firmware by Qualcomm

Qcn6024 Firmware by Qualcomm

Qcn9024 Firmware by Qualcomm

Qcs6490 Firmware by Qualcomm

Qcx315 Firmware by Qualcomm

Sd 8 Gen1 5g Firmware by Qualcomm

Sd480 Firmware by Qualcomm

Sd695 Firmware by Qualcomm

Sd765 Firmware by Qualcomm

Sd765g Firmware by Qualcomm

Sd768g Firmware by Qualcomm

Sd778g Firmware by Qualcomm

Sd780g Firmware by Qualcomm

Sd865 5g Firmware by Qualcomm

Sd870 Firmware by Qualcomm

Sd888 5g Firmware by Qualcomm

Sdx55 Firmware by Qualcomm

Sdx55m Firmware by Qualcomm

Sdx57m Firmware by Qualcomm

Sdx65 Firmware by Qualcomm

Sdx70m Firmware by Qualcomm

Sm7250p Firmware by Qualcomm

Sm7325p Firmware by Qualcomm

Snapdragon 4 Gen 1 Firmware by Qualcomm

Wcd9341 Firmware by Qualcomm

Wcd9370 Firmware by Qualcomm

Wcd9375 Firmware by Qualcomm

Wcd9380 Firmware by Qualcomm

Wcd9385 Firmware by Qualcomm

Wcn3988 Firmware by Qualcomm

Wcn3991 Firmware by Qualcomm

Wcn3998 Firmware by Qualcomm

Wcn6740 Firmware by Qualcomm

Wcn6750 Firmware by Qualcomm

Wcn6850 Firmware by Qualcomm

Wcn6851 Firmware by Qualcomm

Wcn6855 Firmware by Qualcomm

Wcn6856 Firmware by Qualcomm

Wcn7850 Firmware by Qualcomm

Wcn7851 Firmware by Qualcomm

Wsa8810 Firmware by Qualcomm

Wsa8815 Firmware by Qualcomm

Wsa8830 Firmware by Qualcomm

Wsa8835 Firmware by Qualcomm