CVE-2023-22385

Q: What is the severity of CVE-2023-22385?

CVE-2023-22385 has a CVSS score of 8.2 (HIGH). This vulnerability allows memory corruption in Qualcomm data modem chipsets during mobile-originated or mobile-terminated VoLTE calls. Attackers could potentially execute arbitrary code or cause denial of service on affected devices. This affects smartphones and other devices using vulnerable Qualcomm modem chips.

8.2 HIGH

📋 TL;DR

This vulnerability allows memory corruption in Qualcomm data modem chipsets during mobile-originated or mobile-terminated VoLTE calls. Attackers could potentially execute arbitrary code or cause denial of service on affected devices. This affects smartphones and other devices using vulnerable Qualcomm modem chips.

💻 Affected Systems

Products:

Qualcomm modem chipsets

Versions: Specific chipset versions as listed in Qualcomm October 2023 bulletin

Operating Systems: Android and other mobile OS using affected chips

Default Config Vulnerable: ⚠️ Yes

Notes: Affects devices making/receiving VoLTE calls with vulnerable modem firmware.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution allowing complete device compromise, data exfiltration, or persistent backdoor installation.

🟠

Likely Case

Device crash/reboot causing denial of service during voice calls.

🟢

If Mitigated

Limited impact with proper network segmentation and updated firmware.

🌐 Internet-Facing: MEDIUM - Requires specific call conditions but can be triggered remotely via network.

🏢 Internal Only: LOW - Primarily affects mobile devices connecting through carrier networks.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: HIGH

Exploitation requires specific call setup conditions and modem firmware knowledge.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Firmware updates specified in Qualcomm October 2023 security bulletin

Vendor Advisory: https://www.qualcomm.com/company/product-security/bulletins/october-2023-bulletin

Restart Required: Yes

Instructions:

1. Check device manufacturer for security updates 2. Apply modem firmware update 3. Reboot device 4. Verify patch installation

🔧 Temporary Workarounds

Disable VoLTE

android

Switch to 3G/2G for voice calls to avoid vulnerable code path

Settings > Network & Internet > Mobile network > Preferred network type > Select 3G/2G

🧯 If You Can't Patch

Isolate affected devices on separate network segments
Monitor for unusual call patterns or device crashes

🔍 How to Verify

Check if Vulnerable:

Check device modem firmware version against Qualcomm advisory

Check Version:

adb shell getprop | grep version.baseband (Android)

Verify Fix Applied:

Verify modem firmware version has been updated to patched version

📡 Detection & Monitoring

Log Indicators:

Unexpected device reboots during calls
Modem crash logs
Abnormal call termination events

Network Indicators:

Unusual VoLTE call patterns
SIP protocol anomalies

SIEM Query:

Device logs showing modem crashes OR call failures with error codes

📊 Metadata

CVE ID: CVE-2023-22385

CVSS v3 Score: 8.2 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L

CWE: CWE-126

Published: October 3, 2023

Last Updated: August 11, 2025

🔗 References

https://www.qualcomm.com/company/product-security/bulletins/october-2023-bulletin Vendor Advisory
https://www.qualcomm.com/company/product-security/bulletins/october-2023-bulletin Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

315 5g Iot Modem Firmware by Qualcomm

9205 Lte Modem Firmware by Qualcomm

9206 Lte Modem Firmware by Qualcomm

9207 Lte Modem Firmware by Qualcomm

Apq5053 Aa Firmware by Qualcomm

Apq8017 Firmware by Qualcomm

Apq8037 Firmware by Qualcomm

Apq8053 Aa Firmware by Qualcomm

Apq8053 Ac Firmware by Qualcomm

Aqt1000 Firmware by Qualcomm

Ar8035 Firmware by Qualcomm

C V2x 9150 Firmware by Qualcomm

Csra6620 Firmware by Qualcomm

Csra6640 Firmware by Qualcomm

Csrb31024 Firmware by Qualcomm

Fastconnect 6200 Firmware by Qualcomm

Fastconnect 6700 Firmware by Qualcomm

Fastconnect 6800 Firmware by Qualcomm

Fastconnect 6900 Firmware by Qualcomm

Fastconnect 7800 Firmware by Qualcomm

Mdm8207 Firmware by Qualcomm

Mdm9230 Firmware by Qualcomm

Mdm9250 Firmware by Qualcomm

Mdm9330 Firmware by Qualcomm

Mdm9628 Firmware by Qualcomm

Mdm9630 Firmware by Qualcomm

Mdm9640 Firmware by Qualcomm

Msm8108 Firmware by Qualcomm

Msm8209 Firmware by Qualcomm

Msm8608 Firmware by Qualcomm

Msm8909w Firmware by Qualcomm

Msm8996au Firmware by Qualcomm

Qca4004 Firmware by Qualcomm

Qca6174 Firmware by Qualcomm

Qca6174a Firmware by Qualcomm

Qca6310 Firmware by Qualcomm

Qca6320 Firmware by Qualcomm

Qca6335 Firmware by Qualcomm

Qca6391 Firmware by Qualcomm

Qca6420 Firmware by Qualcomm

Qca6421 Firmware by Qualcomm

Qca6426 Firmware by Qualcomm

Qca6430 Firmware by Qualcomm

Qca6431 Firmware by Qualcomm

Qca6436 Firmware by Qualcomm

Qca6564a Firmware by Qualcomm

Qca6564au Firmware by Qualcomm

Qca6574 Firmware by Qualcomm

Qca6574a Firmware by Qualcomm

Qca6574au Firmware by Qualcomm

Qca6584 Firmware by Qualcomm

Qca6584au Firmware by Qualcomm

Qca6595au Firmware by Qualcomm

Qca6696 Firmware by Qualcomm

Qca6698aq Firmware by Qualcomm

Qca8081 Firmware by Qualcomm

Qca8337 Firmware by Qualcomm

Qca9367 Firmware by Qualcomm

Qca9377 Firmware by Qualcomm

Qcc710 Firmware by Qualcomm

Qcm2290 Firmware by Qualcomm

Qcm4290 Firmware by Qualcomm

Qcm4325 Firmware by Qualcomm

Qcm4490 Firmware by Qualcomm

Qcm6125 Firmware by Qualcomm

Qcm6490 Firmware by Qualcomm

Qcm8550 Firmware by Qualcomm

Qcn6024 Firmware by Qualcomm

Qcn6224 Firmware by Qualcomm

Qcn6274 Firmware by Qualcomm

Qcn9024 Firmware by Qualcomm

Qcs2290 Firmware by Qualcomm

Qcs410 Firmware by Qualcomm

Qcs4290 Firmware by Qualcomm

Qcs4490 Firmware by Qualcomm

Qcs610 Firmware by Qualcomm

Qcs6125 Firmware by Qualcomm