CVE-2023-28547

Q: What is the severity of CVE-2023-28547?

CVE-2023-28547 has a CVSS score of 8.4 (HIGH). This CVE describes a memory corruption vulnerability in the SPS Application's sorter Trusted Application (TA) when requesting public keys. Successful exploitation could allow attackers to execute arbitrary code or cause denial of service. The vulnerability affects Qualcomm chipsets used in mobile devices and IoT products.

8.4 HIGH

📋 TL;DR

This CVE describes a memory corruption vulnerability in the SPS Application's sorter Trusted Application (TA) when requesting public keys. Successful exploitation could allow attackers to execute arbitrary code or cause denial of service. The vulnerability affects Qualcomm chipsets used in mobile devices and IoT products.

💻 Affected Systems

Products:

Qualcomm chipsets with SPS Application

Versions: Multiple Qualcomm chipset versions prior to April 2024 security updates

Operating Systems: Android, Linux-based embedded systems

Default Config Vulnerable: ⚠️ Yes

Notes: Affects devices using vulnerable Qualcomm chipsets; exact device models depend on manufacturer implementation.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete device compromise, data theft, or persistent backdoor installation.

🟠

Likely Case

Application crash or denial of service affecting device functionality.

🟢

If Mitigated

Limited impact with proper memory protection mechanisms and exploit mitigations in place.

🌐 Internet-Facing: MEDIUM

🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: HIGH

Exploitation requires local access or ability to execute code in the affected TA context.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: April 2024 security patch level or later

Vendor Advisory: https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2024-bulletin.html

Restart Required: Yes

Instructions:

1. Check with device manufacturer for available security updates. 2. Apply April 2024 or later security patches. 3. Reboot device after patch installation.

🔧 Temporary Workarounds

Disable unnecessary TA functionality

all

Restrict access to sorter TA if not required for device operation

🧯 If You Can't Patch

Implement strict application sandboxing to limit TA access
Deploy runtime memory protection mechanisms like ASLR and DEP

🔍 How to Verify

Check if Vulnerable:

Check device security patch level in settings; if before April 2024, likely vulnerable.

Check Version:

On Android: Settings > About phone > Android version > Security patch level

Verify Fix Applied:

Verify security patch level shows April 2024 or later after update.

📡 Detection & Monitoring

Log Indicators:

Crash logs from sorter TA
Unexpected memory access violations in system logs

Network Indicators:

Unusual TA communication patterns

SIEM Query:

Search for process crashes related to 'sorter' or 'SPS' components

📊 Metadata

CVE ID: CVE-2023-28547

CVSS v3 Score: 8.4 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-120

Published: April 1, 2024

Last Updated: August 11, 2025

🔗 References

https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2024-bulletin.html Vendor Advisory
https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2024-bulletin.html Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

215 Mobile Firmware by Qualcomm

315 5g Iot Firmware by Qualcomm

9205 Lte Firmware by Qualcomm

Apq8017 Firmware by Qualcomm

Apq8037 Firmware by Qualcomm

Apq8064au Firmware by Qualcomm

Aqt1000 Firmware by Qualcomm

Ar8031 Firmware by Qualcomm

Ar8035 Firmware by Qualcomm

C V2x 9150 Firmware by Qualcomm

Csra6620 Firmware by Qualcomm

Csra6640 Firmware by Qualcomm

Csrb31024 Firmware by Qualcomm

Fastconnect 6200 Firmware by Qualcomm

Fastconnect 6700 Firmware by Qualcomm

Fastconnect 6800 Firmware by Qualcomm

Fastconnect 6900 Firmware by Qualcomm

Fastconnect 7800 Firmware by Qualcomm

Flight Rb5 5g Firmware by Qualcomm

Fsm10056 Firmware by Qualcomm

Home Hub 100 Firmware by Qualcomm

Mdm9205s Firmware by Qualcomm

Mdm9640 Firmware by Qualcomm

Mdm9650 Firmware by Qualcomm

Msm8996au Firmware by Qualcomm

Pm8937 Firmware by Qualcomm

Qam8255p Firmware by Qualcomm

Qam8295p Firmware by Qualcomm

Qam8650p Firmware by Qualcomm

Qam8775p Firmware by Qualcomm

Qamsrv1h Firmware by Qualcomm

Qamsrv1m Firmware by Qualcomm

Qca4004 Firmware by Qualcomm

Qca6174a Firmware by Qualcomm

Qca6234 Firmware by Qualcomm

Qca6310 Firmware by Qualcomm

Qca6320 Firmware by Qualcomm

Qca6335 Firmware by Qualcomm

Qca6391 Firmware by Qualcomm

Qca6420 Firmware by Qualcomm

Qca6421 Firmware by Qualcomm

Qca6426 Firmware by Qualcomm

Qca6430 Firmware by Qualcomm

Qca6431 Firmware by Qualcomm

Qca6436 Firmware by Qualcomm

Qca6564 Firmware by Qualcomm

Qca6564a Firmware by Qualcomm

Qca6564au Firmware by Qualcomm

Qca6574 Firmware by Qualcomm

Qca6574a Firmware by Qualcomm

Qca6574au Firmware by Qualcomm

Qca6584au Firmware by Qualcomm

Qca6595 Firmware by Qualcomm

Qca6595au Firmware by Qualcomm

Qca6678aq Firmware by Qualcomm

Qca6696 Firmware by Qualcomm

Qca6698aq Firmware by Qualcomm

Qca6797aq Firmware by Qualcomm

Qca8081 Firmware by Qualcomm

Qca8337 Firmware by Qualcomm

Qca9377 Firmware by Qualcomm

Qca9379 Firmware by Qualcomm

Qcc710 Firmware by Qualcomm

Qcm2150 Firmware by Qualcomm

Qcm2290 Firmware by Qualcomm

Qcm4290 Firmware by Qualcomm

Qcm4325 Firmware by Qualcomm

Qcm4490 Firmware by Qualcomm

Qcm5430 Firmware by Qualcomm

Qcm6125 Firmware by Qualcomm

Qcm6490 Firmware by Qualcomm

Qcm8550 Firmware by Qualcomm

Qcn6024 Firmware by Qualcomm

Qcn6224 Firmware by Qualcomm

Qcn6274 Firmware by Qualcomm

Qcn7606 Firmware by Qualcomm

Qcn9011 Firmware by Qualcomm