CVE-2022-33305

Q: What is the severity of CVE-2022-33305?

CVE-2022-33305 has a CVSS score of 7.5 (HIGH). This vulnerability allows attackers to cause a denial-of-service (DoS) condition in Qualcomm modems by sending specially crafted invalid messages on the DCCH channel. The NULL pointer dereference can crash the modem, disrupting cellular connectivity. This affects devices using vulnerable Qualcomm modem chipsets.

7.5 HIGH

Denial of Service

📋 TL;DR

This vulnerability allows attackers to cause a denial-of-service (DoS) condition in Qualcomm modems by sending specially crafted invalid messages on the DCCH channel. The NULL pointer dereference can crash the modem, disrupting cellular connectivity. This affects devices using vulnerable Qualcomm modem chipsets.

💻 Affected Systems

Products:

Qualcomm modem chipsets

Versions: Specific versions not publicly detailed in bulletin

Operating Systems: Android and other mobile OS using Qualcomm modems

Default Config Vulnerable: ⚠️ Yes

Notes: Affects devices with vulnerable Qualcomm modem firmware. Exact chipset models not specified in public bulletin.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Permanent modem crash requiring device reboot, complete loss of cellular connectivity including emergency services access.

🟠

Likely Case

Temporary modem crash causing dropped calls, lost data connectivity, and service disruption until modem resets.

🟢

If Mitigated

Minimal impact with proper network filtering and updated firmware preventing invalid message delivery.

🌐 Internet-Facing: MEDIUM - Attack requires proximity to target device or ability to send cellular network messages.

🏢 Internal Only: LOW - Not typically exploitable from internal enterprise networks without cellular access.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Exploitation requires ability to send invalid DCCH messages to target device, typically requiring cellular network access or proximity.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Refer to May 2023 Qualcomm security bulletin for specific patched versions

Vendor Advisory: https://www.qualcomm.com/company/product-security/bulletins/may-2023-bulletin

Restart Required: Yes

Instructions:

1. Check device manufacturer for firmware updates. 2. Apply Qualcomm modem firmware patches. 3. Reboot device after update. 4. Verify patch installation through device settings.

🔧 Temporary Workarounds

Network filtering

all

Implement network-level filtering to block invalid DCCH messages

🧯 If You Can't Patch

Isolate vulnerable devices from untrusted cellular networks when possible
Implement monitoring for modem crash events and service disruptions

🔍 How to Verify

Check if Vulnerable:

Check device modem firmware version against Qualcomm's patched versions in May 2023 bulletin

Check Version:

Device-specific: Check Settings > About Phone > Baseband version on Android devices

Verify Fix Applied:

Verify modem firmware has been updated to patched version and monitor for stability

📡 Detection & Monitoring

Log Indicators:

Modem crash logs
Unexpected modem resets
DCCH protocol errors

Network Indicators:

Unusual DCCH message patterns
Modem disconnection events

SIEM Query:

Search for modem crash events, baseband processor failures, or cellular service disruption logs

📊 Metadata

CVE ID: CVE-2022-33305

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-476

Published: May 2, 2023

Last Updated: November 21, 2024

🔗 References

https://www.qualcomm.com/company/product-security/bulletins/may-2023-bulletin Vendor Advisory
https://www.qualcomm.com/company/product-security/bulletins/may-2023-bulletin Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

315 5g Iot Modem Firmware by Qualcomm

Ar8035 Firmware by Qualcomm

Csra6620 Firmware by Qualcomm

Csra6640 Firmware by Qualcomm

Qca6390 Firmware by Qualcomm

Qca6391 Firmware by Qualcomm

Qca6574a Firmware by Qualcomm

Qca6595au Firmware by Qualcomm

Qca6696 Firmware by Qualcomm

Qca8081 Firmware by Qualcomm

Qca8337 Firmware by Qualcomm

Qcm2290 Firmware by Qualcomm

Qcm4290 Firmware by Qualcomm

Qcm4325 Firmware by Qualcomm

Qcm6490 Firmware by Qualcomm

Qcn6024 Firmware by Qualcomm

Qcn9024 Firmware by Qualcomm

Qcs2290 Firmware by Qualcomm

Qcs400 Firmware by Qualcomm

Qcs4290 Firmware by Qualcomm

Qcs6490 Firmware by Qualcomm

Sd888 Firmware by Qualcomm

Sdx55 Firmware by Qualcomm

Sdx57m Firmware by Qualcomm

Sg4150p Firmware by Qualcomm

Sm4250 Aa Firmware by Qualcomm

Sm4350 Ac Firmware by Qualcomm

Sm4350 Firmware by Qualcomm

Sm4375 Firmware by Qualcomm

Sm6115 Firmware by Qualcomm

Sm6225 Ad Firmware by Qualcomm

Sm6225 Firmware by Qualcomm

Sm6350 Firmware by Qualcomm

Sm6375 Firmware by Qualcomm

Sm7250 Aa Firmware by Qualcomm

Sm7250 Ab Firmware by Qualcomm

Sm7250 Ac Firmware by Qualcomm

Sm7250p Firmware by Qualcomm

Sm7315 Firmware by Qualcomm

Sm7325 Ae Firmware by Qualcomm

Sm7325 Af Firmware by Qualcomm

Sm7325 Firmware by Qualcomm

Sm7325p Firmware by Qualcomm

Sm7350 Ab Firmware by Qualcomm

Sm8250 Ab Firmware by Qualcomm

Sm8250 Ac Firmware by Qualcomm

Sm8250 Firmware by Qualcomm

Sm8350 Ac Firmware by Qualcomm

Sm8350 Firmware by Qualcomm

Sm8450 Firmware by Qualcomm

Sm8475 Firmware by Qualcomm

Snapdragon 7c\+ Gen 3 Compute Firmware by Qualcomm

Snapdragon Auto 5g Modem Rf Firmware by Qualcomm

Snapdragon W5\+ Gen 1 Wearable Platform Firmware by Qualcomm

Snapdragon X55 5g Modem Rf System Firmware by Qualcomm

Snapdragon X65 5g Modem Rf System Firmware by Qualcomm

Snapdragon X70 Modem Rf System Firmware by Qualcomm

Sw5100 Firmware by Qualcomm

Sw5100p Firmware by Qualcomm

Wcd9335 Firmware by Qualcomm

Wcd9341 Firmware by Qualcomm

Wcd9360 Firmware by Qualcomm

Wcd9370 Firmware by Qualcomm

Wcd9375 Firmware by Qualcomm

Wcd9380 Firmware by Qualcomm

Wcd9385 Firmware by Qualcomm

Wcn3910 Firmware by Qualcomm

Wcn3950 Firmware by Qualcomm

Wcn3980 Firmware by Qualcomm

Wcn3988 Firmware by Qualcomm

Wcn3998 Firmware by Qualcomm

Wcn6740 Firmware by Qualcomm

Wcn6750 Firmware by Qualcomm

Wcn685x 1 Firmware by Qualcomm

Wcn685x 5 Firmware by Qualcomm

Wcn785x 1 Firmware by Qualcomm

Wcn785x 5 Firmware by Qualcomm