CVE-2023-28549

Q: What is the severity of CVE-2023-28549?

CVE-2023-28549 has a CVSS score of 7.8 (HIGH). This vulnerability allows memory corruption in Qualcomm's WLAN HAL (Hardware Abstraction Layer) when parsing received network buffers containing TLV (Type-Length-Value) payloads. Attackers could potentially execute arbitrary code or cause denial of service on affected devices. This affects devices using Qualcomm wireless chipsets with vulnerable WLAN firmware.

7.8 HIGH

Remote Code Execution Denial of Service

📋 TL;DR

This vulnerability allows memory corruption in Qualcomm's WLAN HAL (Hardware Abstraction Layer) when parsing received network buffers containing TLV (Type-Length-Value) payloads. Attackers could potentially execute arbitrary code or cause denial of service on affected devices. This affects devices using Qualcomm wireless chipsets with vulnerable WLAN firmware.

💻 Affected Systems

Products:

Qualcomm WLAN chipsets and associated firmware

Versions: Specific vulnerable versions not publicly detailed in bulletin

Operating Systems: Android, Linux-based systems using Qualcomm WLAN

Default Config Vulnerable: ⚠️ Yes

Notes: Affects devices with Qualcomm WLAN hardware when wireless interface is active. Exact chipset models not specified in public bulletin.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution with kernel privileges leading to complete device compromise, data theft, or persistent backdoor installation.

🟠

Likely Case

Device crash/reboot (denial of service) or limited memory corruption leading to unstable wireless connectivity.

🟢

If Mitigated

Isolated crash of WLAN subsystem with automatic recovery, minimal service disruption.

🌐 Internet-Facing: MEDIUM - Requires attacker to be within wireless range or have network access to send malicious packets.

🏢 Internal Only: MEDIUM - Same attack vector applies internally if attacker has network access to vulnerable device.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Exploitation requires crafting malicious wireless packets. No public exploits known as of bulletin publication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Refer to September 2023 Qualcomm security bulletin for specific patched versions

Vendor Advisory: https://www.qualcomm.com/company/product-security/bulletins/september-2023-bulletin

Restart Required: Yes

Instructions:

1. Check with device manufacturer for firmware updates. 2. Apply Qualcomm-provided WLAN firmware patches. 3. Reboot device to load new firmware.

🔧 Temporary Workarounds

Disable wireless interfaces

linux

Temporarily disable Wi-Fi to prevent exploitation

nmcli radio wifi off
ip link set wlan0 down

Network segmentation

all

Isolate vulnerable devices on separate network segments

🧯 If You Can't Patch

Implement strict network access controls to limit who can send packets to vulnerable devices
Monitor for unusual wireless activity or device crashes indicating potential exploitation attempts

🔍 How to Verify

Check if Vulnerable:

Check device firmware version against Qualcomm's patched versions in September 2023 bulletin

Check Version:

dmesg | grep -i wlan or check manufacturer-specific firmware version tools

Verify Fix Applied:

Verify WLAN firmware version has been updated to patched version from manufacturer

📡 Detection & Monitoring

Log Indicators:

Kernel panics
WLAN driver crashes
Unexpected device reboots
Memory corruption errors in system logs

Network Indicators:

Malformed 802.11 packets
Unusual TLV structures in wireless traffic

SIEM Query:

source="kernel" AND ("panic" OR "oops" OR "WLAN" OR "wifi") AND ("corruption" OR "buffer" OR "TLV")

📊 Metadata

CVE ID: CVE-2023-28549

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-119

Published: September 5, 2023

Last Updated: November 21, 2024

🔗 References

https://www.qualcomm.com/company/product-security/bulletins/september-2023-bulletin Vendor Advisory
https://www.qualcomm.com/company/product-security/bulletins/september-2023-bulletin Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

315 5g Iot Modem Firmware by Qualcomm

Aqt1000 Firmware by Qualcomm

Ar8035 Firmware by Qualcomm

Ar9380 Firmware by Qualcomm

Csr8811 Firmware by Qualcomm

Csrb31024 Firmware by Qualcomm

Fastconnect 6200 Firmware by Qualcomm

Fastconnect 6700 Firmware by Qualcomm

Fastconnect 6800 Firmware by Qualcomm

Fastconnect 6900 Firmware by Qualcomm

Fastconnect 7800 Firmware by Qualcomm

Flight Rb5 5g Platform Firmware by Qualcomm

Immersive Home 214 Platform Firmware by Qualcomm

Immersive Home 216 Platform Firmware by Qualcomm

Immersive Home 316 Platform Firmware by Qualcomm

Immersive Home 318 Platform Firmware by Qualcomm

Ipq4018 Firmware by Qualcomm

Ipq4019 Firmware by Qualcomm

Ipq4028 Firmware by Qualcomm

Ipq4029 Firmware by Qualcomm

Ipq5010 Firmware by Qualcomm

Ipq5028 Firmware by Qualcomm

Ipq6000 Firmware by Qualcomm

Ipq6010 Firmware by Qualcomm

Ipq6018 Firmware by Qualcomm

Ipq6028 Firmware by Qualcomm

Ipq8064 Firmware by Qualcomm

Ipq8065 Firmware by Qualcomm

Ipq8068 Firmware by Qualcomm

Ipq8070 Firmware by Qualcomm

Ipq8070a Firmware by Qualcomm

Ipq8071 Firmware by Qualcomm

Ipq8071a Firmware by Qualcomm

Ipq8072 Firmware by Qualcomm

Ipq8072a Firmware by Qualcomm

Ipq8074 Firmware by Qualcomm

Ipq8074a Firmware by Qualcomm

Ipq8076 Firmware by Qualcomm

Ipq8076a Firmware by Qualcomm

Ipq8078 Firmware by Qualcomm

Ipq8078a Firmware by Qualcomm

Ipq8173 Firmware by Qualcomm

Ipq8174 Firmware by Qualcomm

Ipq9008 Firmware by Qualcomm

Ipq9574 Firmware by Qualcomm

Pmp8074 Firmware by Qualcomm

Qam8295p Firmware by Qualcomm

Qca1062 Firmware by Qualcomm

Qca1064 Firmware by Qualcomm

Qca2062 Firmware by Qualcomm

Qca2064 Firmware by Qualcomm

Qca2065 Firmware by Qualcomm

Qca2066 Firmware by Qualcomm

Qca4024 Firmware by Qualcomm

Qca6310 Firmware by Qualcomm

Qca6320 Firmware by Qualcomm

Qca6391 Firmware by Qualcomm

Qca6420 Firmware by Qualcomm

Qca6421 Firmware by Qualcomm

Qca6426 Firmware by Qualcomm

Qca6428 Firmware by Qualcomm

Qca6430 Firmware by Qualcomm

Qca6431 Firmware by Qualcomm

Qca6436 Firmware by Qualcomm

Qca6438 Firmware by Qualcomm

Qca6554a Firmware by Qualcomm

Qca6564a Firmware by Qualcomm

Qca6564au Firmware by Qualcomm

Qca6574 Firmware by Qualcomm

Qca6574a Firmware by Qualcomm

Qca6574au Firmware by Qualcomm

Qca6584au Firmware by Qualcomm

Qca6595 Firmware by Qualcomm

Qca6595au Firmware by Qualcomm

Qca6678aq Firmware by Qualcomm

Qca6696 Firmware by Qualcomm

Qca6698aq Firmware by Qualcomm