Lucene search

QualcommCVELIST:CVE-2022-33294

HistoryApr 04, 2023 - 4:46 a.m.

CVE-2022-33294 NULL pointer dereference in Modem

2023-04-0404:46:43

CWE-476

qualcomm

www.cve.org

cve-2022-33294

modem

transient dos

null pointer dereference

lwm2m

registration update bootstrap

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

33.3%

JSON

Transient DOS in Modem due to NULL pointer dereference while receiving response of lwm2m registration/update/bootstrap request message.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Snapdragon Industrial IOT"
    ],
    "product": "Snapdragon",
    "vendor": "Qualcomm, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "9205 LTE Modem"
      },
      {
        "status": "affected",
        "version": "9206 LTE Modem"
      },
      {
        "status": "affected",
        "version": "9207 LTE Modem"
      },
      {
        "status": "affected",
        "version": "MDM8207"
      },
      {
        "status": "affected",
        "version": "QCA4004"
      },
      {
        "status": "affected",
        "version": "QTS110"
      },
      {
        "status": "affected",
        "version": "Snapdragon 1100 Wearable Platform"
      },
      {
        "status": "affected",
        "version": "Snapdragon 1200 Wearable Platform"
      },
      {
        "status": "affected",
        "version": "Snapdragon Wear 1300 Platform"
      },
      {
        "status": "affected",
        "version": "Snapdragon X5 LTE Modem"
      },
      {
        "status": "affected",
        "version": "WCD9306"
      },
      {
        "status": "affected",
        "version": "WCD9330"
      }
    ]
  }
]

References

www.qualcomm.com/company/product-security/bulletins/april-2023-bulletin

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

33.3%

JSON

Related for CVELIST:CVE-2022-33294