CVE-2023-24852

Q: What is the severity of CVE-2023-24852?

CVE-2023-24852 has a CVSS score of 8.4 (HIGH). This vulnerability allows memory corruption in Qualcomm's Core due to improper secure memory access while loading modem images. Attackers could potentially execute arbitrary code or cause denial of service. Affects devices with Qualcomm chipsets that haven't applied the November 2023 security patches.

8.4 HIGH

📋 TL;DR

This vulnerability allows memory corruption in Qualcomm's Core due to improper secure memory access while loading modem images. Attackers could potentially execute arbitrary code or cause denial of service. Affects devices with Qualcomm chipsets that haven't applied the November 2023 security patches.

💻 Affected Systems

Products:

Qualcomm Snapdragon chipsets
Devices with Qualcomm modems

Versions: Specific affected chipset versions listed in Qualcomm November 2023 bulletin

Operating Systems: Android, Linux-based systems using Qualcomm chips

Default Config Vulnerable: ⚠️ Yes

Notes: Affects devices before November 2023 security patches. Exact chipset models vary - check Qualcomm advisory.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete device compromise, data theft, or persistent backdoor installation.

🟠

Likely Case

Device crash/reboot (denial of service) or limited memory corruption affecting modem functionality.

🟢

If Mitigated

Minimal impact if patched; unpatched devices remain vulnerable to attacks requiring physical access or local exploitation.

🌐 Internet-Facing: MEDIUM - Requires specific conditions but could be exploited remotely via malicious baseband interactions.

🏢 Internal Only: HIGH - Local attackers or malicious apps could exploit this vulnerability more easily.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: HIGH

Exploitation requires specific knowledge of modem image loading process and memory layout. Likely requires local access or specialized radio equipment.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: November 2023 security patch level or later

Vendor Advisory: https://www.qualcomm.com/company/product-security/bulletins/november-2023-bulletin

Restart Required: Yes

Instructions:

1. Check device manufacturer for November 2023 security update availability. 2. Apply OTA update from device settings. 3. For embedded systems, update Qualcomm firmware through vendor channels. 4. Reboot device after update.

🔧 Temporary Workarounds

Disable unnecessary modem features

all

Reduce attack surface by disabling unused modem capabilities

# Device-specific commands vary by manufacturer
# Consult device documentation for modem configuration

Restrict physical access

all

Prevent local exploitation by controlling device physical access

🧯 If You Can't Patch

Isolate affected devices on separate network segments
Implement strict application allowlisting to prevent malicious apps

🔍 How to Verify

Check if Vulnerable:

Check Android security patch level in Settings > About phone > Android version. If before November 2023, device is likely vulnerable.

Check Version:

adb shell getprop ro.build.version.security_patch

Verify Fix Applied:

Verify security patch level shows November 2023 or later. Check Qualcomm chipset firmware version if available.

📡 Detection & Monitoring

Log Indicators:

Modem crash logs
Kernel panic related to modem subsystem
Unexpected modem image loading attempts

Network Indicators:

Unusual baseband communication patterns
Suspicious modem firmware update attempts

SIEM Query:

source="kernel" AND ("modem crash" OR "qcom" OR "secure memory")

📊 Metadata

CVE ID: CVE-2023-24852

CVSS v3 Score: 8.4 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-287

Published: November 7, 2023

Last Updated: August 11, 2025

🔗 References

https://www.qualcomm.com/company/product-security/bulletins/november-2023-bulletin Vendor Advisory
https://www.qualcomm.com/company/product-security/bulletins/november-2023-bulletin Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

315 5g Iot Modem Firmware by Qualcomm

9205 Lte Modem Firmware by Qualcomm

Aqt1000 Firmware by Qualcomm

Ar8031 Firmware by Qualcomm

Ar8035 Firmware by Qualcomm

C V2x 9150 Firmware by Qualcomm

Csr8811 Firmware by Qualcomm

Csra6620 Firmware by Qualcomm

Csra6640 Firmware by Qualcomm

Csrb31024 Firmware by Qualcomm

Fastconnect 6200 Firmware by Qualcomm

Fastconnect 6700 Firmware by Qualcomm

Fastconnect 6800 Firmware by Qualcomm

Fastconnect 6900 Firmware by Qualcomm

Fastconnect 7800 Firmware by Qualcomm

Flight Rb5 5g Platform Firmware by Qualcomm

Fsm10056 Firmware by Qualcomm

Immersive Home 3210 Platform Firmware by Qualcomm

Immersive Home 326 Platform Firmware by Qualcomm

Ipq5332 Firmware by Qualcomm

Ipq6000 Firmware by Qualcomm

Ipq6005 Firmware by Qualcomm

Ipq6010 Firmware by Qualcomm

Ipq6018 Firmware by Qualcomm

Ipq6028 Firmware by Qualcomm

Ipq9008 Firmware by Qualcomm

Ipq9554 Firmware by Qualcomm

Ipq9570 Firmware by Qualcomm

Ipq9574 Firmware by Qualcomm

Mdm9205s Firmware by Qualcomm

Qam8255p Firmware by Qualcomm

Qam8295p Firmware by Qualcomm

Qam8650p Firmware by Qualcomm

Qam8775p Firmware by Qualcomm

Qamsrv1h Firmware by Qualcomm

Qca0000 Firmware by Qualcomm

Qca4004 Firmware by Qualcomm

Qca4024 Firmware by Qualcomm

Qca6174a Firmware by Qualcomm

Qca6310 Firmware by Qualcomm

Qca6335 Firmware by Qualcomm

Qca6391 Firmware by Qualcomm

Qca6420 Firmware by Qualcomm

Qca6421 Firmware by Qualcomm

Qca6426 Firmware by Qualcomm

Qca6430 Firmware by Qualcomm

Qca6431 Firmware by Qualcomm

Qca6436 Firmware by Qualcomm

Qca6564 Firmware by Qualcomm

Qca6564a Firmware by Qualcomm

Qca6564au Firmware by Qualcomm

Qca6574 Firmware by Qualcomm

Qca6574a Firmware by Qualcomm

Qca6574au Firmware by Qualcomm

Qca6595 Firmware by Qualcomm

Qca6595au Firmware by Qualcomm

Qca6696 Firmware by Qualcomm

Qca6698aq Firmware by Qualcomm

Qca6797aq Firmware by Qualcomm

Qca8072 Firmware by Qualcomm

Qca8075 Firmware by Qualcomm

Qca8081 Firmware by Qualcomm

Qca8082 Firmware by Qualcomm

Qca8084 Firmware by Qualcomm

Qca8085 Firmware by Qualcomm

Qca8337 Firmware by Qualcomm

Qca8386 Firmware by Qualcomm

Qca9377 Firmware by Qualcomm

Qca9984 Firmware by Qualcomm

Qcc710 Firmware by Qualcomm

Qcf8000 Firmware by Qualcomm

Qcf8001 Firmware by Qualcomm

Qcm2290 Firmware by Qualcomm

Qcm4290 Firmware by Qualcomm

Qcm4325 Firmware by Qualcomm

Qcm4490 Firmware by Qualcomm

Qcm6125 Firmware by Qualcomm