CVE-2023-28546

Q: What is the severity of CVE-2023-28546?

CVE-2023-28546 has a CVSS score of 7.8 (HIGH). This vulnerability allows memory corruption in Qualcomm's SPS application when exporting public keys in the sorter TA. Attackers could potentially execute arbitrary code or cause denial of service on affected devices. This affects devices using Qualcomm chipsets with vulnerable firmware.

7.8 HIGH

Buffer Overflow

📋 TL;DR

This vulnerability allows memory corruption in Qualcomm's SPS application when exporting public keys in the sorter TA. Attackers could potentially execute arbitrary code or cause denial of service on affected devices. This affects devices using Qualcomm chipsets with vulnerable firmware.

💻 Affected Systems

Products:

Qualcomm chipsets with SPS application

Versions: Specific firmware versions as listed in Qualcomm advisories

Operating Systems: Android, Linux-based systems using Qualcomm chips

Default Config Vulnerable: ⚠️ Yes

Notes: Affects devices with Qualcomm chipsets that include the vulnerable SPS firmware component

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete device compromise, data theft, or persistent backdoor installation

🟠

Likely Case

Application crash or denial of service affecting specific functionality

🟢

If Mitigated

Limited impact due to TrustZone isolation preventing full system compromise

🌐 Internet-Facing: MEDIUM - Requires specific conditions but could be triggered via network interactions

🏢 Internal Only: MEDIUM - Local applications could trigger the vulnerability

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: HIGH

Exploitation requires specific conditions and knowledge of the memory corruption vulnerability

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Refer to Qualcomm December 2023 security bulletin for specific patched versions

Vendor Advisory: https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin

Restart Required: Yes

Instructions:

1. Check Qualcomm advisory for affected chipset models. 2. Obtain firmware updates from device manufacturer. 3. Apply firmware update following manufacturer instructions. 4. Reboot device to complete installation.

🔧 Temporary Workarounds

Disable vulnerable functionality

all

Restrict or disable SPS application functionality if not required

Enhanced memory protection

linux

Enable ASLR and other memory protection mechanisms

🧯 If You Can't Patch

Isolate affected devices from untrusted networks
Implement strict application control to prevent unauthorized SPS usage

🔍 How to Verify

Check if Vulnerable:

Check firmware version against Qualcomm's advisory list of vulnerable versions

Check Version:

Device-specific commands vary by manufacturer; typically in Settings > About Phone > Build Number

Verify Fix Applied:

Verify firmware version has been updated to patched version listed in Qualcomm bulletin

📡 Detection & Monitoring

Log Indicators:

SPS application crashes
TrustZone TA abnormal termination logs
Memory access violation errors

Network Indicators:

Unexpected SPS-related network traffic
Abnormal cryptographic operations

SIEM Query:

source="device_logs" AND ("SPS" OR "sorter_TA") AND ("crash" OR "memory" OR "corruption")

📊 Metadata

CVE ID: CVE-2023-28546

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-120

Published: December 5, 2023

Last Updated: August 11, 2025

🔗 References

https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin Vendor Advisory
https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

315 5g Iot Modem Firmware by Qualcomm

9205 Lte Modem Firmware by Qualcomm

Apq8017 Firmware by Qualcomm

Apq8037 Firmware by Qualcomm

Apq8064au Firmware by Qualcomm

Aqt1000 Firmware by Qualcomm

Ar8031 Firmware by Qualcomm

Ar8035 Firmware by Qualcomm

C V2x 9150 Firmware by Qualcomm

Csra6620 Firmware by Qualcomm

Csra6640 Firmware by Qualcomm

Fastconnect 6200 Firmware by Qualcomm

Fastconnect 6700 Firmware by Qualcomm

Fastconnect 6800 Firmware by Qualcomm

Fastconnect 6900 Firmware by Qualcomm

Fastconnect 7800 Firmware by Qualcomm

Flight Rb5 5g Platform Firmware by Qualcomm

Home Hub 100 Platform Firmware by Qualcomm

Mdm9205s Firmware by Qualcomm

Mdm9640 Firmware by Qualcomm

Mdm9650 Firmware by Qualcomm

Msm8996au Firmware by Qualcomm

Pm8937 Firmware by Qualcomm

Qam8255p Firmware by Qualcomm

Qam8295p Firmware by Qualcomm

Qam8650p Firmware by Qualcomm

Qam8775p Firmware by Qualcomm

Qca4004 Firmware by Qualcomm

Qca6174a Firmware by Qualcomm

Qca6234 Firmware by Qualcomm

Qca6310 Firmware by Qualcomm

Qca6320 Firmware by Qualcomm

Qca6335 Firmware by Qualcomm

Qca6391 Firmware by Qualcomm

Qca6420 Firmware by Qualcomm

Qca6421 Firmware by Qualcomm

Qca6426 Firmware by Qualcomm

Qca6430 Firmware by Qualcomm

Qca6431 Firmware by Qualcomm

Qca6436 Firmware by Qualcomm

Qca6564a Firmware by Qualcomm

Qca6564au Firmware by Qualcomm

Qca6574 Firmware by Qualcomm

Qca6574a Firmware by Qualcomm

Qca6574au Firmware by Qualcomm

Qca6584au Firmware by Qualcomm

Qca6595 Firmware by Qualcomm

Qca6595au Firmware by Qualcomm

Qca6696 Firmware by Qualcomm

Qca6698aq Firmware by Qualcomm

Qca6797aq Firmware by Qualcomm

Qca8081 Firmware by Qualcomm

Qca8337 Firmware by Qualcomm

Qca9379 Firmware by Qualcomm

Qcc710 Firmware by Qualcomm

Qcm2290 Firmware by Qualcomm

Qcm4290 Firmware by Qualcomm

Qcm4325 Firmware by Qualcomm

Qcm4490 Firmware by Qualcomm

Qcm5430 Firmware by Qualcomm

Qcm6125 Firmware by Qualcomm

Qcm6490 Firmware by Qualcomm

Qcm8550 Firmware by Qualcomm

Qcn6024 Firmware by Qualcomm

Qcn6224 Firmware by Qualcomm

Qcn6274 Firmware by Qualcomm

Qcn7606 Firmware by Qualcomm

Qcn9011 Firmware by Qualcomm

Qcn9012 Firmware by Qualcomm

Qcn9024 Firmware by Qualcomm

Qcn9074 Firmware by Qualcomm

Qcs2290 Firmware by Qualcomm

Qcs410 Firmware by Qualcomm

Qcs4290 Firmware by Qualcomm

Qcs4490 Firmware by Qualcomm

Qcs5430 Firmware by Qualcomm

Qcs610 Firmware by Qualcomm