CVE-2022-40536
📋 TL;DR
This vulnerability allows attackers to cause a denial-of-service (DoS) condition in Qualcomm modems by sending specially crafted OTA (Over-The-Air) messages without proper authentication. It affects mobile devices and IoT products using vulnerable Qualcomm chipsets. The attack can temporarily disrupt cellular connectivity.
💻 Affected Systems
- Qualcomm Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
📦 What is this software?
Snapdragon 7c+ Gen 3 Compute Firmware by Qualcomm
Snapdragon Auto 5g Modem Rf Firmware by Qualcomm
Snapdragon X55 5g Modem Rf System Firmware by Qualcomm
Snapdragon X65 5g Modem Rf System Firmware by Qualcomm
Snapdragon X70 Modem Rf System Firmware by Qualcomm
⚠️ Risk & Real-World Impact
Worst Case
Permanent modem crash requiring device reboot, disrupting all cellular connectivity including emergency calls.
Likely Case
Temporary loss of cellular data/voice services until modem resets automatically.
If Mitigated
Minimal impact with proper network filtering and updated firmware.
🎯 Exploit Status
Exploitation requires sending malformed TLB OTA messages via cellular network. No user interaction needed.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Varies by chipset - check Qualcomm advisory for specific firmware versions.
Vendor Advisory: https://www.qualcomm.com/company/product-security/bulletins/june-2023-bulletin
Restart Required: Yes
Instructions:
1. Check device manufacturer for security updates.
2. Apply Qualcomm-provided firmware patches.
3. Reboot device after update.
4. Verify modem firmware version.
🔧 Temporary Workarounds
Network filtering
Filter suspicious OTA messages at the network operator level.
🧯 If You Can't Patch
- Isolate vulnerable devices from untrusted cellular networks when possible.
- Implement network monitoring for unusual OTA traffic patterns.
🔍 How to Verify
Check if Vulnerable:
Check device modem firmware version against Qualcomm's patched versions list.
Check Version:
Device-specific - typically in Settings > About Phone > Baseband Version
Verify Fix Applied:
Verify that the modem firmware has been updated to a patched version via device settings or diagnostic tools.
📡 Detection & Monitoring
Log Indicators:
- Modem crash logs
- Unexpected modem resets
- OTA message parsing errors
Network Indicators:
- Unusual TLB OTA message patterns
- Spoofed cellular network messages
SIEM Query:
Search for modem crash events or baseband processor failures in device logs.