CVE-2023-24850
📋 TL;DR
This vulnerability allows memory corruption in the High-Level Operating System (HLOS) when importing cryptographic keys into the KeyMaster Trusted Application on Qualcomm chipsets. Attackers could potentially execute arbitrary code or cause denial of service. Affected devices include smartphones, tablets, and IoT devices using vulnerable Qualcomm chipsets.
💻 Affected Systems
- Qualcomm chipsets with KeyMaster TA implementation
📦 What is this software?
Qualcomm 215 Mobile Platform Firmware by Qualcomm
View all CVEs affecting Qualcomm 215 Mobile Platform Firmware →
Smart Audio 400 Platform Firmware by Qualcomm
Snapdragon 4 Gen 1 Mobile Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 4 Gen 1 Mobile Platform Firmware →
Snapdragon 4 Gen 2 Mobile Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 4 Gen 2 Mobile Platform Firmware →
Snapdragon 425 Mobile Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 425 Mobile Platform Firmware →
Snapdragon 427 Mobile Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 427 Mobile Platform Firmware →
Snapdragon 429 Mobile Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 429 Mobile Platform Firmware →
Snapdragon 430 Mobile Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 430 Mobile Platform Firmware →
Snapdragon 435 Mobile Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 435 Mobile Platform Firmware →
Snapdragon 439 Mobile Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 439 Mobile Platform Firmware →
Snapdragon 450 Mobile Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 450 Mobile Platform Firmware →
Snapdragon 460 Mobile Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 460 Mobile Platform Firmware →
Snapdragon 480 5g Mobile Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 480 5g Mobile Platform Firmware →
Snapdragon 625 Mobile Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 625 Mobile Platform Firmware →
Snapdragon 626 Mobile Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 626 Mobile Platform Firmware →
Snapdragon 632 Mobile Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 632 Mobile Platform Firmware →
Snapdragon 662 Mobile Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 662 Mobile Platform Firmware →
Snapdragon 665 Mobile Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 665 Mobile Platform Firmware →
Snapdragon 670 Mobile Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 670 Mobile Platform Firmware →
Snapdragon 675 Mobile Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 675 Mobile Platform Firmware →
Snapdragon 680 4g Mobile Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 680 4g Mobile Platform Firmware →
Snapdragon 690 5g Mobile Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 690 5g Mobile Platform Firmware →
Snapdragon 695 5g Mobile Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 695 5g Mobile Platform Firmware →
Snapdragon 710 Mobile Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 710 Mobile Platform Firmware →
Snapdragon 720g Mobile Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 720g Mobile Platform Firmware →
Snapdragon 750g 5g Mobile Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 750g 5g Mobile Platform Firmware →
Snapdragon 778g 5g Mobile Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 778g 5g Mobile Platform Firmware →
Snapdragon 780g 5g Mobile Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 780g 5g Mobile Platform Firmware →
Snapdragon 7c\+ Gen 3 Compute Firmware by Qualcomm
View all CVEs affecting Snapdragon 7c\+ Gen 3 Compute Firmware →
Snapdragon 8 Gen 1 Mobile Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 8 Gen 1 Mobile Platform Firmware →
Snapdragon 8 Gen 1 Mobile Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 8 Gen 1 Mobile Platform Firmware →
Snapdragon 8 Gen 2 Mobile Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 8 Gen 2 Mobile Platform Firmware →
Snapdragon 8 Gen 2 Mobile Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 8 Gen 2 Mobile Platform Firmware →
Snapdragon 855 Mobile Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 855 Mobile Platform Firmware →
Snapdragon 865 5g Mobile Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 865 5g Mobile Platform Firmware →
Snapdragon 888 5g Mobile Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 888 5g Mobile Platform Firmware →
Snapdragon Ar2 Gen 1 Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon Ar2 Gen 1 Platform Firmware →
Snapdragon W5\+ Gen 1 Wearable Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon W5\+ Gen 1 Wearable Platform Firmware →
Snapdragon X50 5g Modem Rf System Firmware by Qualcomm
View all CVEs affecting Snapdragon X50 5g Modem Rf System Firmware →
Snapdragon X55 5g Modem Rf System Firmware by Qualcomm
View all CVEs affecting Snapdragon X55 5g Modem Rf System Firmware →
Snapdragon X65 5g Modem Rf System Firmware by Qualcomm
View all CVEs affecting Snapdragon X65 5g Modem Rf System Firmware →
Snapdragon X75 5g Modem Rf System Firmware by Qualcomm
View all CVEs affecting Snapdragon X75 5g Modem Rf System Firmware →
Snapdragon Xr1 Platform Firmware by Qualcomm
Snapdragon Xr2 5g Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon Xr2 5g Platform Firmware →
Snapdragon Xr2\+ Gen 1 Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon Xr2\+ Gen 1 Platform Firmware →
Video Collaboration Vc1 Platform Firmware by Qualcomm
View all CVEs affecting Video Collaboration Vc1 Platform Firmware →
⚠️ Risk & Real-World Impact
Worst Case
Full device compromise allowing arbitrary code execution with system privileges, potentially leading to data theft, persistent backdoors, or complete device control.
Likely Case
Application crashes, denial of service, or limited privilege escalation within the KeyMaster context.
If Mitigated
Controlled crashes or failed key import operations with no privilege escalation.
🎯 Exploit Status
Exploitation requires understanding of KeyMaster TA memory structures and ability to trigger key import operations.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Refer to Qualcomm October 2023 security bulletin for specific chipset firmware versions
Vendor Advisory: https://www.qualcomm.com/company/product-security/bulletins/october-2023-bulletin
Restart Required: Yes
Instructions:
1. Check device manufacturer for security updates. 2. Apply Qualcomm firmware updates. 3. Update Android security patches. 4. Reboot device after update.
🔧 Temporary Workarounds
Disable KeyMaster TA
androidDisable KeyMaster Trusted Application functionality if not required
Device-specific configuration changes - consult manufacturer documentation
🧯 If You Can't Patch
- Restrict installation of untrusted applications
- Implement application sandboxing and privilege separation
🔍 How to Verify
Check if Vulnerable:
Check device chipset version and firmware against Qualcomm advisory. Use 'getprop ro.boot.hardware' and 'getprop ro.build.fingerprint' on Android devices.Check Version:
adb shell getprop | grep -E 'ro.boot.hardware|ro.build.fingerprint|ro.build.version.security_patch'Verify Fix Applied:
Verify Android security patch level is October 2023 or later. Check with device manufacturer for specific firmware updates.📡 Detection & Monitoring
Log Indicators:
- KeyMaster TA crash logs
- Cryptographic operation failures
- Memory access violation in HLOS
Network Indicators:
- None - local vulnerability
SIEM Query:
Search for KeyMaster-related process crashes or cryptographic service failures in device logs