CVE-2022-33309

7.5 HIGH

📋 TL;DR

This vulnerability allows attackers to cause a denial-of-service (DoS) condition in affected Qualcomm WLAN firmware by sending specially crafted secure FTMR frames smaller than 39 bytes. The buffer over-read can crash the WLAN subsystem, disrupting wireless connectivity. This affects devices using vulnerable Qualcomm WLAN chipsets.

💻 Affected Systems

Products:
  • Qualcomm WLAN chipsets and associated firmware
Versions: Specific affected versions not publicly detailed in bulletin; refer to Qualcomm advisory for chipset-specific details
Operating Systems: Any OS using affected Qualcomm WLAN hardware/drivers
Default Config Vulnerable: ⚠️ Yes
Notes: Affects devices with vulnerable Qualcomm WLAN chipsets regardless of operating system. The vulnerability is in firmware, not OS software.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Permanent DoS requiring device reboot or hardware reset, potentially disrupting critical wireless communications in enterprise or industrial environments.

🟠 Likely Case: Temporary wireless connectivity loss requiring system reboot to restore functionality, affecting user productivity.

🟢 If Mitigated: Minimal impact with proper network segmentation and intrusion prevention systems blocking malicious FTMR frames.

🌐 Internet-Facing: MEDIUM - Attackers could exploit this remotely if WLAN interfaces are exposed to untrusted networks, but exploitation requires proximity or WLAN access.
🏢 Internal Only: MEDIUM - Internal attackers with network access could disrupt wireless services, but exploitation requires specific frame crafting knowledge.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires crafting specific FTMR frames and WLAN access, but no authentication is needed once network access is obtained.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Refer to Qualcomm's March 2023 security bulletin for chipset-specific firmware updates

Vendor Advisory: https://www.qualcomm.com/company/product-security/bulletins/march-2023-bulletin

Restart Required: Yes

Instructions:

1. Check device manufacturer for firmware updates.
2. Apply Qualcomm-provided firmware patches.
3. Reboot device to load new firmware.
4. Verify WLAN functionality post-update.

🔧 Temporary Workarounds

Network segmentation and filtering

Isolate WLAN networks and implement frame filtering to block malicious FTMR frames

WLAN intrusion prevention

Deploy WIPS systems to detect and block exploitation attempts

🧯 If You Can't Patch

  • Segment wireless networks from critical systems
  • Implement strict WLAN access controls and monitoring

🔍 How to Verify

Check if Vulnerable:

Check device specifications for Qualcomm WLAN chipset model and compare against Qualcomm's affected products list

Check Version:

Platform-specific commands vary; generally check firmware version in device management interface or using manufacturer-specific tools

Verify Fix Applied:

Verify firmware version matches patched versions in Qualcomm advisory and test WLAN stability with FTMR frame handling

📡 Detection & Monitoring

Log Indicators:

  • WLAN subsystem crashes
  • Unexpected WLAN disconnections
  • Firmware error messages related to FTMR processing

Network Indicators:

  • Malformed FTMR frames smaller than 39 bytes
  • Unusual FTMR traffic patterns

SIEM Query:

Search for WLAN interface errors, firmware crashes, or authentication failures coinciding with FTMR frame reception
