CVE-2023-33017

7.8 HIGH

📋 TL;DR

This CVE describes a memory corruption vulnerability in the UEFI boot process when running a ListVars test during boot. It affects Qualcomm devices with vulnerable firmware, potentially allowing attackers to execute arbitrary code during early boot stages before operating system security controls are active.

💻 Affected Systems

Products:
  • Qualcomm chipsets with vulnerable UEFI firmware
Versions: Specific firmware versions not detailed in references; check Qualcomm advisory for exact affected versions.
Operating Systems: Any OS running on affected Qualcomm hardware
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability is in firmware, not OS-dependent. Affects devices during UEFI boot phase before OS loads.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise via arbitrary code execution during boot, potentially allowing persistent firmware-level malware installation that survives OS reinstallation.

🟠 Likely Case

System crash or instability during boot, potentially leading to denial of service or limited code execution depending on exploit sophistication.

🟢 If Mitigated

No impact if patched firmware is installed or if physical access controls prevent unauthorized boot manipulation.

🌐 Internet-Facing: LOW - Requires physical access or local boot manipulation, not directly exploitable over network.
🏢 Internal Only: MEDIUM - Could be exploited by malicious insiders with physical access to devices during boot process.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: HIGH

Exploitation requires physical access or ability to manipulate boot process. Memory corruption during UEFI boot is complex to weaponize reliably.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check device manufacturer firmware updates

Vendor Advisory: https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin

Restart Required: Yes

Instructions:

1. Check with device manufacturer for firmware updates.
2. Apply firmware update following manufacturer instructions.
3. Reboot device to activate patched firmware.

🔧 Temporary Workarounds

Secure Boot Enforcement

all

Enable and enforce Secure Boot to prevent unauthorized boot modifications

Physical Security Controls

all

Implement physical security measures to prevent unauthorized device access during boot

🧯 If You Can't Patch

  • Implement strict physical access controls to prevent unauthorized boot manipulation
  • Use device encryption and secure boot features to limit impact of potential exploitation

🔍 How to Verify

Check if Vulnerable:

Check device firmware version against manufacturer's patched versions. Use manufacturer-specific tools to verify UEFI firmware version.

Check Version:

Manufacturer-specific commands vary; consult device documentation for firmware version checking.

Verify Fix Applied:

Verify firmware version has been updated to patched version. Test boot process stability with ListVars functionality if available.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected boot failures
  • UEFI firmware error messages
  • System instability during boot phase

Network Indicators:

  • None - this is a local boot-time vulnerability

SIEM Query:

Search for: 'boot failure', 'UEFI error', 'firmware crash' in system logs during boot events
