CVE-2023-24855

Q: What is the severity of CVE-2023-24855?

CVE-2023-24855 has a CVSS score of 9.8 (CRITICAL). This vulnerability allows memory corruption in Qualcomm modem chipsets while processing security configuration before AS Security Exchange. Attackers could potentially execute arbitrary code on affected devices. This affects smartphones and other devices using vulnerable Qualcomm modem chipsets.

9.8 CRITICAL

Remote Code Execution

📋 TL;DR

This vulnerability allows memory corruption in Qualcomm modem chipsets while processing security configuration before AS Security Exchange. Attackers could potentially execute arbitrary code on affected devices. This affects smartphones and other devices using vulnerable Qualcomm modem chipsets.

💻 Affected Systems

Products:

Qualcomm modem chipsets

Versions: Specific affected versions not publicly detailed in advisory

Operating Systems: Android and other mobile operating systems using Qualcomm chipsets

Default Config Vulnerable: ⚠️ Yes

Notes: Affects devices with vulnerable Qualcomm modem firmware. Exact chipset models not specified in public advisory.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete device compromise, data exfiltration, and persistent backdoor installation.

🟠

Likely Case

Device crash/reboot, denial of service, or limited code execution depending on exploit sophistication.

🟢

If Mitigated

Limited impact with proper network segmentation and security controls in place.

🌐 Internet-Facing: HIGH - Can be exploited remotely without user interaction.

🏢 Internal Only: MEDIUM - Requires network access but could be exploited internally.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Exploitation requires sending specially crafted packets to vulnerable modem. No public exploit available as of knowledge cutoff.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Refer to device manufacturer security updates

Vendor Advisory: https://www.qualcomm.com/company/product-security/bulletins/october-2023-bulletin

Restart Required: Yes

Instructions:

1. Check with device manufacturer for security updates. 2. Apply latest firmware/OS updates. 3. Reboot device after update.

🔧 Temporary Workarounds

Network segmentation

all

Isolate vulnerable devices from untrusted networks

Disable unnecessary modem features

all

Reduce attack surface by disabling unused modem functionality

🧯 If You Can't Patch

Isolate affected devices in separate network segments
Implement strict network access controls and monitoring

🔍 How to Verify

Check if Vulnerable:

Check device manufacturer security bulletins for affected models and firmware versions

Check Version:

Device-specific commands vary by manufacturer (e.g., Android: Settings > About phone > Build number)

Verify Fix Applied:

Verify device has latest security updates from manufacturer and modem firmware version is patched

📡 Detection & Monitoring

Log Indicators:

Unexpected modem crashes/resets
Abnormal modem initialization sequences

Network Indicators:

Unusual modem protocol traffic patterns
Suspicious packets to modem interfaces

SIEM Query:

Search for modem-related crash logs or abnormal modem initialization events

📊 Metadata

CVE ID: CVE-2023-24855

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-823

Published: October 3, 2023

Last Updated: August 11, 2025

🔗 References

https://www.qualcomm.com/company/product-security/bulletins/october-2023-bulletin Vendor Advisory
https://www.qualcomm.com/company/product-security/bulletins/october-2023-bulletin Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Ar8035 Firmware by Qualcomm

Fastconnect 6200 Firmware by Qualcomm

Fastconnect 6700 Firmware by Qualcomm

Fastconnect 6900 Firmware by Qualcomm

Fastconnect 7800 Firmware by Qualcomm

Qca6391 Firmware by Qualcomm

Qca8081 Firmware by Qualcomm

Qca8337 Firmware by Qualcomm

Qcc710 Firmware by Qualcomm

Qcm4490 Firmware by Qualcomm

Qcm6490 Firmware by Qualcomm

Qcm8550 Firmware by Qualcomm

Qcn6024 Firmware by Qualcomm

Qcn6224 Firmware by Qualcomm

Qcn6274 Firmware by Qualcomm

Qcn9024 Firmware by Qualcomm

Qcs4490 Firmware by Qualcomm

Qcs6490 Firmware by Qualcomm

Qcs8550 Firmware by Qualcomm

Qfw7114 Firmware by Qualcomm

Qfw7124 Firmware by Qualcomm

Sdx57m Firmware by Qualcomm

Sg8275p Firmware by Qualcomm

Sm4350 Ac Firmware by Qualcomm

Sm7325 Ae Firmware by Qualcomm

Sm7325 Af Firmware by Qualcomm

Sm7325p Firmware by Qualcomm

Sm8350 Ac Firmware by Qualcomm

Sm8550p Firmware by Qualcomm

Snapdragon 4 Gen 1 Mobile Platform Firmware by Qualcomm

Snapdragon 4 Gen 2 Mobile Platform Firmware by Qualcomm

Snapdragon 480 5g Mobile Platform Firmware by Qualcomm

Snapdragon 695 5g Mobile Platform Firmware by Qualcomm

Snapdragon 778g 5g Mobile Platform Firmware by Qualcomm

Snapdragon 780g 5g Mobile Platform Firmware by Qualcomm

Snapdragon 7c\+ Gen 3 Compute Firmware by Qualcomm

Snapdragon 8 Gen 1 Mobile Platform Firmware by Qualcomm

Snapdragon 8 Gen 1 Mobile Platform Firmware by Qualcomm

Snapdragon 8 Gen 2 Mobile Platform Firmware by Qualcomm

Snapdragon 8 Gen 2 Mobile Platform Firmware by Qualcomm

Snapdragon 888 5g Mobile Platform Firmware by Qualcomm

Snapdragon X65 5g Modem Rf System Firmware by Qualcomm

Snapdragon X70 Modem Rf System Firmware by Qualcomm

Snapdragon X75 5g Modem Rf System Firmware by Qualcomm

Video Collaboration Vc3 Platform Firmware by Qualcomm

Wcd9340 Firmware by Qualcomm

Wcd9370 Firmware by Qualcomm

Wcd9375 Firmware by Qualcomm

Wcd9380 Firmware by Qualcomm

Wcd9385 Firmware by Qualcomm

Wcd9390 Firmware by Qualcomm

Wcd9395 Firmware by Qualcomm

Wcn3950 Firmware by Qualcomm

Wcn3988 Firmware by Qualcomm

Wcn6740 Firmware by Qualcomm

Wsa8810 Firmware by Qualcomm

Wsa8815 Firmware by Qualcomm

Wsa8830 Firmware by Qualcomm

Wsa8832 Firmware by Qualcomm

Wsa8835 Firmware by Qualcomm

Wsa8840 Firmware by Qualcomm

Wsa8845 Firmware by Qualcomm

Wsa8845h Firmware by Qualcomm