CVE-2022-33237 in Snapdragon Auto
Summary
by MITRE • 11/15/2022
Transient DOS due to buffer over-read in WLAN firmware while processing PPE threshold. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Analysis
by VulDB Data Team • 06/10/2026
This vulnerability represents a critical transient denial of service condition affecting multiple Qualcomm Snapdragon product lines including automotive, mobile, and IoT devices. The flaw occurs within the WLAN firmware when processing PPE threshold parameters, creating a buffer over-read condition that can cause system instability and temporary service disruption. The vulnerability is classified as a transient issue because it does not persist across reboots but can be triggered repeatedly during active network operations. The affected product categories span from automotive infotainment systems to industrial IoT deployments, indicating the widespread impact across Qualcomm's semiconductor portfolio.
The technical implementation of this vulnerability stems from improper bounds checking within the wireless local area network firmware component. When the system processes PPE threshold parameters, the firmware fails to validate input boundaries properly, leading to memory access violations that result in system crashes or service interruptions. This type of vulnerability falls under CWE-129, which specifically addresses insufficient validation of the length of input data, and can be categorized as a memory safety issue within the broader context of CWE-787, representing out-of-bounds write operations. The buffer over-read condition typically manifests as an unauthorized memory access pattern that disrupts normal firmware execution flow.
The operational impact of CVE-2022-33237 extends across multiple industry sectors due to the broad product scope. Automotive systems utilizing Snapdragon Auto platforms may experience temporary loss of wireless connectivity during critical operations such as navigation updates or over-the-air software upgrades. Mobile device users could encounter intermittent network service disruptions, particularly during high-throughput wireless operations. IoT deployments across industrial and consumer markets may face temporary service degradation affecting network monitoring, data collection, or communication capabilities. The transient nature of this vulnerability means that attackers or malicious actors could potentially exploit it repeatedly to maintain service disruption, though the lack of persistent effects limits long-term damage potential.
Security professionals should implement immediate mitigation strategies focusing on firmware updates from Qualcomm, which address the buffer over-read condition through proper input validation mechanisms. Network administrators should monitor for unusual service disruptions in affected device populations and maintain awareness of potential exploitation attempts. The vulnerability demonstrates the importance of robust input validation in embedded systems, particularly within wireless communication firmware where memory safety is paramount. Organizations utilizing affected Snapdragon platforms should conduct risk assessments considering their specific deployment scenarios and implement appropriate monitoring procedures. This vulnerability aligns with ATT&CK technique T1499.004, which covers network denial of service attacks, and represents a common vector for service disruption in embedded wireless systems. Mitigation efforts should include regular firmware maintenance schedules and enhanced network monitoring to detect potential exploitation attempts.