CVE-2022-40504

Q: What is the severity of CVE-2022-40504?

CVE-2022-40504 has a CVSS score of 7.5 (HIGH). This vulnerability allows a denial-of-service (DoS) attack on mobile devices by sending a specially crafted Downlink Data Indication message to the modem. When exploited, it triggers a reachable assertion that crashes the modem, causing temporary loss of cellular connectivity. This affects devices using Qualcomm modems with vulnerable firmware.

7.5 HIGH

Denial of Service

📋 TL;DR

This vulnerability allows a denial-of-service (DoS) attack on mobile devices by sending a specially crafted Downlink Data Indication message to the modem. When exploited, it triggers a reachable assertion that crashes the modem, causing temporary loss of cellular connectivity. This affects devices using Qualcomm modems with vulnerable firmware.

💻 Affected Systems

Products:

Qualcomm mobile station modems (MSM)
Snapdragon modems

Versions: Specific firmware versions not publicly detailed in advisory

Operating Systems: Android, Other mobile OS using Qualcomm modems

Default Config Vulnerable: ⚠️ Yes

Notes: Affects devices with vulnerable Qualcomm modem firmware; exact device models not specified in public advisory.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Permanent modem failure requiring hardware replacement or persistent cellular service disruption across an entire network segment.

🟠

Likely Case

Temporary loss of cellular connectivity (voice/data) until device reboots, affecting individual devices or small groups.

🟢

If Mitigated

Brief service interruption with automatic modem recovery, minimal user impact.

🌐 Internet-Facing: MEDIUM - Attack requires sending messages to cellular network interfaces, which are accessible but require specific network access.

🏢 Internal Only: LOW - Primarily affects external cellular interfaces rather than internal enterprise networks.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Exploitation requires sending malicious Downlink Data Indication messages via cellular network, which requires access to network infrastructure or ability to spoof network messages.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Firmware updates specified in May 2023 Qualcomm security bulletin

Vendor Advisory: https://www.qualcomm.com/company/product-security/bulletins/may-2023-bulletin

Restart Required: Yes

Instructions:

1. Check with device manufacturer for firmware updates. 2. Apply Qualcomm-provided modem firmware patches. 3. Reboot device after update. 4. Verify modem functionality post-update.

🔧 Temporary Workarounds

Network filtering

all

Implement network-level filtering of Downlink Data Indication messages at cellular infrastructure level

🧯 If You Can't Patch

Monitor for unusual modem resets or cellular connectivity drops
Implement network segmentation to limit potential attack surface

🔍 How to Verify

Check if Vulnerable:

Check modem firmware version against Qualcomm's patched versions in security bulletin

Check Version:

Device-specific commands vary by manufacturer; typically in device settings or diagnostic menus

Verify Fix Applied:

Verify modem firmware has been updated to version containing CVE-2022-40504 fix

📡 Detection & Monitoring

Log Indicators:

Unexpected modem resets
Modem assertion failures in system logs
Cellular connectivity loss events

Network Indicators:

Unusual Downlink Data Indication message patterns
Suspicious cellular network traffic

SIEM Query:

Search for modem crash events, cellular service interruptions, or Qualcomm-specific error codes

📊 Metadata

CVE ID: CVE-2022-40504

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-617

Published: May 2, 2023

Last Updated: November 21, 2024

🔗 References

https://www.qualcomm.com/company/product-security/bulletins/may-2023-bulletin Vendor Advisory
https://www.qualcomm.com/company/product-security/bulletins/may-2023-bulletin Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

315 5g Iot Modem Firmware by Qualcomm

8905 Firmware by Qualcomm

8909 Firmware by Qualcomm

8909 Firmware by Qualcomm

8917 Firmware by Qualcomm

8920 Firmware by Qualcomm

8940 Firmware by Qualcomm

8953 Firmware by Qualcomm

8953pro Firmware by Qualcomm

Apq5053 Aa Firmware by Qualcomm

Apq8017 Firmware by Qualcomm

Apq8053 Aa Firmware by Qualcomm

Apq8053 Ac Firmware by Qualcomm

Aqt1000 Firmware by Qualcomm

Ar8035 Firmware by Qualcomm

Csra6620 Firmware by Qualcomm

Csra6640 Firmware by Qualcomm

Csrb31024 Firmware by Qualcomm

Fsm10055 Firmware by Qualcomm

Qca6174a Firmware by Qualcomm

Qca6310 Firmware by Qualcomm

Qca6335 Firmware by Qualcomm

Qca6390 Firmware by Qualcomm

Qca6391 Firmware by Qualcomm

Qca6420 Firmware by Qualcomm

Qca6421 Firmware by Qualcomm

Qca6426 Firmware by Qualcomm

Qca6430 Firmware by Qualcomm

Qca6431 Firmware by Qualcomm

Qca6436 Firmware by Qualcomm

Qca6564au Firmware by Qualcomm

Qca6574a Firmware by Qualcomm

Qca6574au Firmware by Qualcomm

Qca6595au Firmware by Qualcomm

Qca6696 Firmware by Qualcomm

Qca6698aq Firmware by Qualcomm

Qca8081 Firmware by Qualcomm

Qca8337 Firmware by Qualcomm

Qca9377 Firmware by Qualcomm

Qcm2290 Firmware by Qualcomm

Qcm4290 Firmware by Qualcomm

Qcm4325 Firmware by Qualcomm

Qcm4490 Firmware by Qualcomm

Qcm6125 Firmware by Qualcomm

Qcm6490 Firmware by Qualcomm

Qcn6024 Firmware by Qualcomm

Qcn9024 Firmware by Qualcomm

Qcs2290 Firmware by Qualcomm

Qcs400 Firmware by Qualcomm

Qcs410 Firmware by Qualcomm

Qcs4290 Firmware by Qualcomm

Qcs4490 Firmware by Qualcomm

Qcs603 Firmware by Qualcomm

Qcs605 Firmware by Qualcomm

Qcs610 Firmware by Qualcomm

Qcs6125 Firmware by Qualcomm

Qcs6490 Firmware by Qualcomm

Qm215 Firmware by Qualcomm

Sa6145p Firmware by Qualcomm

Sa6150p Firmware by Qualcomm

Sa6155 Firmware by Qualcomm

Sa6155p Firmware by Qualcomm

Sa8145p Firmware by Qualcomm

Sa8150p Firmware by Qualcomm

Sa8155 Firmware by Qualcomm

Sa8155p Firmware by Qualcomm

Sa8195p Firmware by Qualcomm

Sc7180 Ac Firmware by Qualcomm

Sc7180 Ad Firmware by Qualcomm

Sc8180x Ad Firmware by Qualcomm

Sc8180x\+sdx55 Firmware by Qualcomm

Sc8180xp Ad Firmware by Qualcomm

Sd 455 Firmware by Qualcomm

Sd 675 Firmware by Qualcomm

Sd460 Firmware by Qualcomm

Sd626 Firmware by Qualcomm

Sd660 Firmware by Qualcomm