CVE-2022-33303 : Transient DOS due to uncontrolled resource consumption in Linux kernel when malf

Transient DOS due to uncontrolled resource consumption in Linux kernel when malformed messages are sent from the Gunyah Resource Manager message queue.

Published 2023-06-06 08:15:11

Updated 2024-04-12 17:16:27

Source Qualcomm, Inc.

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2022-33303

Qualcomm » Qca6574au Firmware » Version: N/A
cpe:2.3:o:qualcomm:qca6574au_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qca6574au » Version: N/A
Qualcomm » Sa6155p Firmware » Version: N/A
cpe:2.3:o:qualcomm:sa6155p_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sa6155p » Version: N/A
Qualcomm » Qca6595au Firmware » Version: N/A
cpe:2.3:o:qualcomm:qca6595au_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qca6595au » Version: N/A
Qualcomm » Sa8155p Firmware » Version: N/A
cpe:2.3:o:qualcomm:sa8155p_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sa8155p » Version: N/A
Qualcomm » Sm8350 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sm8350_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sm8350 » Version: N/A
Qualcomm » Sa6145p Firmware » Version: N/A
cpe:2.3:o:qualcomm:sa6145p_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sa6145p » Version: N/A
Qualcomm » Sa6150p Firmware » Version: N/A
cpe:2.3:o:qualcomm:sa6150p_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sa6150p » Version: N/A
Qualcomm » Sa8150p Firmware » Version: N/A
cpe:2.3:o:qualcomm:sa8150p_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sa8150p » Version: N/A
Qualcomm » Sa8195p Firmware » Version: N/A
cpe:2.3:o:qualcomm:sa8195p_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sa8195p » Version: N/A
Qualcomm » Qca6696 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qca6696_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qca6696 » Version: N/A
Qualcomm » Wcd9380 Firmware » Version: N/A
cpe:2.3:o:qualcomm:wcd9380_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Wcd9380 » Version: N/A
Qualcomm » Wcd9385 Firmware » Version: N/A
cpe:2.3:o:qualcomm:wcd9385_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Wcd9385 » Version: N/A
Qualcomm » Wsa8830 Firmware » Version: N/A
cpe:2.3:o:qualcomm:wsa8830_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Wsa8830 » Version: N/A
Qualcomm » Wsa8835 Firmware » Version: N/A
cpe:2.3:o:qualcomm:wsa8835_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Wsa8835 » Version: N/A
Qualcomm » Sa8145p Firmware » Version: N/A
cpe:2.3:o:qualcomm:sa8145p_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sa8145p » Version: N/A
Qualcomm » Sm8450 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sm8450_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sm8450 » Version: N/A
Qualcomm » Wcn685x-1 Firmware » Version: N/A
cpe:2.3:o:qualcomm:wcn685x-1_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Wcn685x-1 » Version: N/A
Qualcomm » Wcn785x-1 Firmware » Version: N/A
cpe:2.3:o:qualcomm:wcn785x-1_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Wcn785x-1 » Version: N/A
Qualcomm » Wcn685x-5 Firmware » Version: N/A
cpe:2.3:o:qualcomm:wcn685x-5_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Wcn685x-5 » Version: N/A
Qualcomm » Wcn785x-5 Firmware » Version: N/A
cpe:2.3:o:qualcomm:wcn785x-5_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Wcn785x-5 » Version: N/A
Qualcomm » Sm8350-ac Firmware » Version: N/A
cpe:2.3:o:qualcomm:sm8350-ac_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sm8350-ac » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2022-33303

EPSS FAQ

0.05%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 13 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2022-33303

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.5	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H	1.8	3.6	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High
5.5	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H	1.8	3.6	Qualcomm, Inc.
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2022-33303

CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource.
Assigned by:
- nvd@nist.gov (Primary)
- product-security@qualcomm.com (Secondary)

References for CVE-2022-33303

https://www.qualcomm.com/company/product-security/bulletins/june-2023-bulletin

Security Bulletins | Qualcomm Documentation
Patch;Vendor Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2022-33303

Products affected by CVE-2022-33303

Exploit prediction scoring system (EPSS) score for CVE-2022-33303

CVSS scores for CVE-2022-33303

CWE ids for CVE-2022-33303

References for CVE-2022-33303