Headline
CVE-2022-3407: Improper Resource Shutdown vulnerability in some Motorola smartphones allows denial-of-service of network services, including emergency services
I some cases, when the device is USB-tethered to a host PC, and the device is sharing its mobile network connection with the host PC, if the user originates a call on the device, then the device’s modem may reset and cause the phone call to not succeed. This may block the user from dialing emergency services. This patch resolves the device’s modem reset issue.
Motorola Security Advisory: MML-2022-45675
Potential Impact: Denial-of-Service
Severity:
CVSS 3.1 Base Score
4.9
CVSS 3.1 Temporal Score
4.6
CVSS 3.1 Vector
CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H
CVE Identifier: CVE-2022-3407
Summary Description:
In some cases, when the device is USB-tethered to a host PC and connected to the mobile network, and the user originates a call on the device, then the device’s modem may reset and cause the phone call to not succeed. This may block the user from dialing emergency services.
Mitigation Strategy for Customers (what you should do to protect yourself):
Update your product to a software version with an SPL of 2022-11-01 or later. (Your phone should automatically alert you when a new security update is available, but you can also immediately check for updates under Settings…System Updates.)
Untether the device from the host PC before making a phone call, particularly if dialing emergency services.
Do not allow an untrusted person physical access to your device
Product Impact:
Motorola smartphones
Was this answer helpful?