CVE-2022-33306

Q: What is the severity of CVE-2022-33306?

CVE-2022-33306 has a CVSS score of 7.5 (HIGH). This vulnerability allows attackers to cause a denial-of-service (DoS) condition in affected wireless devices by sending specially crafted management frames with malformed information elements (IEs). It affects Qualcomm WLAN chipsets and devices using them, potentially impacting smartphones, routers, IoT devices, and other wireless equipment.

7.5 HIGH

Denial of Service

📋 TL;DR

This vulnerability allows attackers to cause a denial-of-service (DoS) condition in affected wireless devices by sending specially crafted management frames with malformed information elements (IEs). It affects Qualcomm WLAN chipsets and devices using them, potentially impacting smartphones, routers, IoT devices, and other wireless equipment.

💻 Affected Systems

Products:

Qualcomm WLAN chipsets and devices using them

Versions: Specific affected versions not detailed in public advisory

Operating Systems: Android, Linux-based systems, embedded OS using Qualcomm WLAN

Default Config Vulnerable: ⚠️ Yes

Notes: Affects devices with WLAN enabled; exact product list requires checking Qualcomm's advisory

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Permanent device crash requiring physical restart, disrupting all wireless connectivity on affected devices

🟠

Likely Case

Temporary wireless disconnection or performance degradation until system recovers

🟢

If Mitigated

Minimal impact with proper network segmentation and monitoring

🌐 Internet-Facing: MEDIUM - Attackers could target wireless interfaces from nearby locations

🏢 Internal Only: MEDIUM - Internal attackers could disrupt wireless networks

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Requires proximity to target's wireless network and ability to craft malicious management frames

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Refer to device manufacturer updates

Vendor Advisory: https://www.qualcomm.com/company/product-security/bulletins/february-2023-bulletin

Restart Required: Yes

Instructions:

1. Check with device manufacturer for security updates
2. Apply latest firmware/software updates
3. Reboot device after update

🔧 Temporary Workarounds

Disable WLAN if not needed

all

Turn off wireless functionality on non-essential devices

Implement wireless intrusion prevention

all

Deploy WIPS to detect and block malicious management frames

🧯 If You Can't Patch

Segment wireless networks from critical infrastructure
Monitor for wireless disconnection events and unusual management frame patterns

🔍 How to Verify

Check if Vulnerable:

Check device firmware version against manufacturer's patched versions

Check Version:

Device-specific (e.g., 'cat /proc/version' on Linux, Settings > About on Android)

Verify Fix Applied:

Confirm latest security patches are installed and device remains stable during wireless stress testing

📡 Detection & Monitoring

Log Indicators:

Unexpected WLAN driver crashes
Wireless interface resets
Kernel panic logs

Network Indicators:

Unusual management frame patterns
Multiple authentication/association failures

SIEM Query:

source="wireless" AND (event="driver_crash" OR event="interface_reset")

📊 Metadata

CVE ID: CVE-2022-33306

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-126

Published: February 12, 2023

Last Updated: November 21, 2024

🔗 References

https://www.qualcomm.com/company/product-security/bulletins/february-2023-bulletin Vendor Advisory
https://www.qualcomm.com/company/product-security/bulletins/february-2023-bulletin Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Ar8035 Firmware by Qualcomm

Ar9380 Firmware by Qualcomm

Csr8811 Firmware by Qualcomm

Ipq5010 Firmware by Qualcomm

Ipq5018 Firmware by Qualcomm

Ipq5028 Firmware by Qualcomm

Ipq6000 Firmware by Qualcomm

Ipq6010 Firmware by Qualcomm

Ipq6018 Firmware by Qualcomm

Ipq6028 Firmware by Qualcomm

Ipq8064 Firmware by Qualcomm

Ipq8065 Firmware by Qualcomm

Ipq8068 Firmware by Qualcomm

Ipq8070a Firmware by Qualcomm

Ipq8071a Firmware by Qualcomm

Ipq8072a Firmware by Qualcomm

Ipq8074a Firmware by Qualcomm

Ipq8076 Firmware by Qualcomm

Ipq8076a Firmware by Qualcomm

Ipq8078 Firmware by Qualcomm

Ipq8078a Firmware by Qualcomm

Ipq8173 Firmware by Qualcomm

Ipq8174 Firmware by Qualcomm

Ipq9008 Firmware by Qualcomm

Ipq9574 Firmware by Qualcomm

Qam8295p Firmware by Qualcomm

Qca2062 Firmware by Qualcomm

Qca2064 Firmware by Qualcomm

Qca2065 Firmware by Qualcomm

Qca2066 Firmware by Qualcomm

Qca4024 Firmware by Qualcomm

Qca6390 Firmware by Qualcomm

Qca6391 Firmware by Qualcomm

Qca6426 Firmware by Qualcomm

Qca6436 Firmware by Qualcomm

Qca6554a Firmware by Qualcomm

Qca6564au Firmware by Qualcomm

Qca6574 Firmware by Qualcomm

Qca6574a Firmware by Qualcomm

Qca6574au Firmware by Qualcomm

Qca6584au Firmware by Qualcomm

Qca6595 Firmware by Qualcomm

Qca6595au Firmware by Qualcomm

Qca6678aq Firmware by Qualcomm

Qca6696 Firmware by Qualcomm

Qca6698aq Firmware by Qualcomm

Qca8072 Firmware by Qualcomm

Qca8075 Firmware by Qualcomm

Qca8081 Firmware by Qualcomm

Qca8082 Firmware by Qualcomm

Qca8084 Firmware by Qualcomm

Qca8085 Firmware by Qualcomm

Qca8337 Firmware by Qualcomm

Qca8386 Firmware by Qualcomm

Qca9886 Firmware by Qualcomm

Qca9888 Firmware by Qualcomm

Qca9889 Firmware by Qualcomm

Qca9980 Firmware by Qualcomm

Qca9984 Firmware by Qualcomm

Qca9985 Firmware by Qualcomm

Qca9986 Firmware by Qualcomm

Qca9990 Firmware by Qualcomm

Qca9992 Firmware by Qualcomm

Qca9994 Firmware by Qualcomm

Qcm6490 Firmware by Qualcomm

Qcn5022 Firmware by Qualcomm

Qcn5024 Firmware by Qualcomm

Qcn5052 Firmware by Qualcomm

Qcn5054 Firmware by Qualcomm

Qcn5122 Firmware by Qualcomm

Qcn5124 Firmware by Qualcomm

Qcn5152 Firmware by Qualcomm

Qcn5154 Firmware by Qualcomm

Qcn5164 Firmware by Qualcomm

Qcn6023 Firmware by Qualcomm

Qcn6024 Firmware by Qualcomm

Qcn6100 Firmware by Qualcomm