CVE-2022-33294 HIGH

CVE-2022-33294: NULL pointer dereference in Modem

Vendor Qualcomm, Inc.

Product Snapdragon

Weakness CWE-476

Published April 4, 2023

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

7.5/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality None

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01Description

Transient DOS in Modem due to NULL pointer dereference while receiving response of lwm2m registration/update/bootstrap request message.

Key dates

02Disclosure timeline

April 4, 2023 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-33294 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/476.html

Related vulnerabilities

Identifiers

CVE CVE-2022-33294

CWE CWE-476

CVSS 7.5 / HIGH

Affected versions

Vendor Qualcomm, Inc.

Product Snapdragon

Affected 9205 LTE Modem

Vendor Qualcomm, Inc.

Product Snapdragon

Affected 9206 LTE Modem

Vendor Qualcomm, Inc.

Product Snapdragon

Affected 9207 LTE Modem

Vendor Qualcomm, Inc.

Product Snapdragon

Affected MDM8207

Vendor Qualcomm, Inc.

Product Snapdragon

Affected QCA4004

Vendor Qualcomm, Inc.

Product Snapdragon

Affected QTS110

Vendor Qualcomm, Inc.

Product Snapdragon

Affected Snapdragon 1100 Wearable Platform

Vendor Qualcomm, Inc.

Product Snapdragon

Affected Snapdragon 1200 Wearable Platform

Vendor Qualcomm, Inc.

Product Snapdragon

Affected Snapdragon Wear 1300 Platform

Vendor Qualcomm, Inc.

Product Snapdragon

Affected Snapdragon X5 LTE Modem

Vendor Qualcomm, Inc.

Product Snapdragon

Affected WCD9306

Vendor Qualcomm, Inc.

Product Snapdragon

Affected WCD9330

CVE-2022-33294: NULL pointer dereference in Modem

01Description

02Disclosure timeline

03References

04Related CVE