CVE-2022-33302
HIGHCVSS 7.8/10EPSS 0.12%
Last modified
CVE-2022-33302 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. Memory corruption due to improper validation of array index in User Identity Module when APN TLV length is greater than command length.. EPSS estimates a 0.12% chance of exploitation in the next 30 days.
Description
Memory corruption due to improper validation of array index in User Identity Module when APN TLV length is greater than command length.
Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Qualcomm | 315 5g Iot Modem Firmware | All versions |
| Qualcomm | 9205 Lte Modem Firmware | All versions |
| Qualcomm | 9206 Lte Modem Firmware | All versions |
| Qualcomm | 9207 Lte Modem Firmware | All versions |
| Qualcomm | Apq8017 Firmware | All versions |
| Qualcomm | Apq8037 Firmware | All versions |
| Qualcomm | Aqt1000 Firmware | All versions |
| Qualcomm | Ar6003 Firmware | All versions |
| Qualcomm | Ar8035 Firmware | All versions |
| Qualcomm | C-V2x 9150 Firmware | All versions |
| Qualcomm | Csra6620 Firmware | All versions |
| Qualcomm | Csra6640 Firmware | All versions |
| Qualcomm | Csrb31024 Firmware | All versions |
| Qualcomm | Wcn3998 Firmware | All versions |
| Qualcomm | Wcn6750 Firmware | All versions |
| Qualcomm | Qca6390 Firmware | All versions |
| Qualcomm | Wcn685x-5 Firmware | All versions |
| Qualcomm | Wcn685x-1 Firmware | All versions |
| Qualcomm | Wcn785x-1 Firmware | All versions |
| Qualcomm | Wcn785x-5 Firmware | All versions |
| Qualcomm | Mdm8207 Firmware | All versions |
| Qualcomm | Mdm8215 Firmware | All versions |
| Qualcomm | Mdm8215m Firmware | All versions |
| Qualcomm | Mdm8615m Firmware | All versions |
| Qualcomm | Mdm9215 Firmware | All versions |
| Qualcomm | Mdm9230 Firmware | All versions |
| Qualcomm | Mdm9250 Firmware | All versions |
| Qualcomm | Mdm9310 Firmware | All versions |
| Qualcomm | Mdm9330 Firmware | All versions |
| Qualcomm | Mdm9615 Firmware | All versions |
| Qualcomm | Mdm9615m Firmware | All versions |
| Qualcomm | Mdm9628 Firmware | All versions |
| Qualcomm | Mdm9630 Firmware | All versions |
| Qualcomm | Mdm9640 Firmware | All versions |
| Qualcomm | Mdm9650 Firmware | All versions |
| Qualcomm | Msm8108 Firmware | All versions |
| Qualcomm | Msm8209 Firmware | All versions |
| Qualcomm | Msm8608 Firmware | All versions |
| Qualcomm | Msm8909w Firmware | All versions |
| Qualcomm | Msm8996au Firmware | All versions |
| Qualcomm | Qca4004 Firmware | All versions |
| Qualcomm | Qca6174 Firmware | All versions |
| Qualcomm | Qca6174a Firmware | All versions |
| Qualcomm | Qca6310 Firmware | All versions |
| Qualcomm | Qca6320 Firmware | All versions |
| Qualcomm | Qca6335 Firmware | All versions |
| Qualcomm | Qca6391 Firmware | All versions |
| Qualcomm | Qca6420 Firmware | All versions |
| Qualcomm | Qca6421 Firmware | All versions |
| Qualcomm | Qca6426 Firmware | All versions |
Showing 50 of 225 affected configurations. See NVD for the full list.
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2022-33302?
Memory corruption due to improper validation of array index in User Identity Module when APN TLV length is greater than command length.
How severe is CVE-2022-33302?
CVE-2022-33302 has a CVSS score of 7.8/10 (HIGH severity). The EPSS model estimates a 0.12% probability of exploitation in the next 30 days.
How do I fix CVE-2022-33302?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.
Are you affected by CVE-2022-33302?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST