CVE-2022-40535

Q: What is the severity of CVE-2022-40535?

CVE-2022-40535 has a CVSS score of 7.5 (HIGH). This vulnerability allows attackers to cause a denial-of-service (DoS) condition in affected Qualcomm WLAN chipsets by sending specially crafted packets that trigger a buffer over-read. The vulnerability affects devices using Qualcomm wireless chipsets, potentially impacting smartphones, routers, IoT devices, and other wireless-enabled products.

7.5 HIGH

Denial of Service

📋 TL;DR

This vulnerability allows attackers to cause a denial-of-service (DoS) condition in affected Qualcomm WLAN chipsets by sending specially crafted packets that trigger a buffer over-read. The vulnerability affects devices using Qualcomm wireless chipsets, potentially impacting smartphones, routers, IoT devices, and other wireless-enabled products.

💻 Affected Systems

Products:

Qualcomm WLAN chipsets and devices using them

Versions: Specific affected versions not detailed in public advisory; refer to Qualcomm March 2023 bulletin for exact versions.

Operating Systems: Android, Linux-based systems, and other OS using Qualcomm WLAN drivers

Default Config Vulnerable: ⚠️ Yes

Notes: Vulnerability affects the WLAN driver/firmware layer; all devices using affected Qualcomm chipsets with wireless enabled are vulnerable.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete wireless network disruption on affected devices, requiring device restart to restore functionality.

🟠

Likely Case

Temporary wireless connectivity loss on individual devices when targeted with malicious packets.

🟢

If Mitigated

Minimal impact with proper network segmentation and updated firmware.

🌐 Internet-Facing: MEDIUM - Attackers could target devices from the internet if wireless interfaces are exposed, but requires specific packet crafting.

🏢 Internal Only: MEDIUM - Internal attackers could disrupt wireless connectivity on affected devices within network range.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Exploitation requires crafting specific wireless packets; no public exploit code available as of knowledge cutoff.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Refer to Qualcomm March 2023 security bulletin for specific patched versions

Vendor Advisory: https://www.qualcomm.com/company/product-security/bulletins/march-2023-bulletin

Restart Required: Yes

Instructions:

1. Check device manufacturer for firmware updates. 2. Apply Qualcomm-provided patches through device OEM updates. 3. Reboot device after update. 4. Verify wireless functionality post-update.

🔧 Temporary Workarounds

Disable vulnerable wireless interfaces

linux

Temporarily disable WLAN functionality to prevent exploitation

sudo ifconfig wlan0 down
sudo nmcli radio wifi off

Network segmentation

all

Isolate affected devices from untrusted networks

🧯 If You Can't Patch

Implement strict network access controls to limit wireless packet sources
Monitor for wireless connectivity disruptions and have restart procedures ready

🔍 How to Verify

Check if Vulnerable:

Check device specifications against Qualcomm's affected products list in March 2023 bulletin

Check Version:

cat /sys/class/net/wlan0/device/firmware_version (Linux) or check device settings > about > software information

Verify Fix Applied:

Verify firmware version matches or exceeds patched versions listed in Qualcomm advisory

📡 Detection & Monitoring

Log Indicators:

WLAN driver crashes
Unexpected wireless interface resets
Kernel panic logs related to WLAN

Network Indicators:

Unusual wireless packet patterns targeting WLAN MAC addresses
Sudden wireless connectivity loss across multiple devices

SIEM Query:

source="kernel" AND ("WLAN" OR "wifi") AND ("crash" OR "panic" OR "reset")

📊 Metadata

CVE ID: CVE-2022-40535

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-126

Published: March 10, 2023

Last Updated: November 21, 2024

🔗 References

https://www.qualcomm.com/company/product-security/bulletins/march-2023-bulletin Vendor Advisory
https://www.qualcomm.com/company/product-security/bulletins/march-2023-bulletin Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Csr8811 Firmware by Qualcomm

Ipq8070a Firmware by Qualcomm

Ipq8071a Firmware by Qualcomm

Ipq8072a Firmware by Qualcomm

Ipq8074a Firmware by Qualcomm

Ipq8076 Firmware by Qualcomm

Ipq8076a Firmware by Qualcomm

Ipq8078 Firmware by Qualcomm

Ipq8078a Firmware by Qualcomm

Ipq8173 Firmware by Qualcomm

Ipq8174 Firmware by Qualcomm

Ipq9008 Firmware by Qualcomm

Ipq9574 Firmware by Qualcomm

Qca4024 Firmware by Qualcomm

Qca6390 Firmware by Qualcomm

Qca6391 Firmware by Qualcomm

Qca6421 Firmware by Qualcomm

Qca6426 Firmware by Qualcomm

Qca6431 Firmware by Qualcomm

Qca6436 Firmware by Qualcomm

Qca8081 Firmware by Qualcomm

Qca8082 Firmware by Qualcomm

Qca8084 Firmware by Qualcomm

Qca8085 Firmware by Qualcomm

Qca8386 Firmware by Qualcomm

Qca9888 Firmware by Qualcomm

Qca9889 Firmware by Qualcomm

Qcn5024 Firmware by Qualcomm

Qcn5124 Firmware by Qualcomm

Qcn5154 Firmware by Qualcomm

Qcn5164 Firmware by Qualcomm

Qcn6023 Firmware by Qualcomm

Qcn6024 Firmware by Qualcomm

Qcn9000 Firmware by Qualcomm

Qcn9024 Firmware by Qualcomm

Qcn9070 Firmware by Qualcomm

Qcn9072 Firmware by Qualcomm

Qcn9074 Firmware by Qualcomm

Qcn9274 Firmware by Qualcomm

Sd460 Firmware by Qualcomm

Sd480 Firmware by Qualcomm

Sd662 Firmware by Qualcomm

Sd680 Firmware by Qualcomm

Sd695 Firmware by Qualcomm

Sd865 5g Firmware by Qualcomm

Sd870 Firmware by Qualcomm

Sdx55m Firmware by Qualcomm

Sdx65 Firmware by Qualcomm

Sdx65m Firmware by Qualcomm

Sm4125 Firmware by Qualcomm

Snapdragon 4 Gen 1 Firmware by Qualcomm

Sw5100 Firmware by Qualcomm

Sw5100p Firmware by Qualcomm

Wcd9326 Firmware by Qualcomm

Wcd9335 Firmware by Qualcomm

Wcd9370 Firmware by Qualcomm

Wcd9375 Firmware by Qualcomm

Wcd9380 Firmware by Qualcomm

Wcd9385 Firmware by Qualcomm

Wcn3910 Firmware by Qualcomm

Wcn3950 Firmware by Qualcomm

Wcn3980 Firmware by Qualcomm

Wcn3988 Firmware by Qualcomm

Wcn3991 Firmware by Qualcomm

Wcn3998 Firmware by Qualcomm

Wcn6850 Firmware by Qualcomm

Wcn6851 Firmware by Qualcomm

Wsa8810 Firmware by Qualcomm

Wsa8815 Firmware by Qualcomm

Wsa8830 Firmware by Qualcomm

Wsa8835 Firmware by Qualcomm