CVE-2023-33025

Q: What is the severity of CVE-2023-33025?

CVE-2023-33025 has a CVSS score of 9.8 (CRITICAL). This vulnerability allows memory corruption in Qualcomm's Data Modem when processing a non-standard SDP body during a VoLTE call. Attackers could potentially execute arbitrary code or cause denial of service on affected devices. This affects smartphones and other devices using vulnerable Qualcomm chipsets.

9.8 CRITICAL

Denial of Service

📋 TL;DR

This vulnerability allows memory corruption in Qualcomm's Data Modem when processing a non-standard SDP body during a VoLTE call. Attackers could potentially execute arbitrary code or cause denial of service on affected devices. This affects smartphones and other devices using vulnerable Qualcomm chipsets.

💻 Affected Systems

Products:

Qualcomm chipsets with Data Modem functionality

Versions: Specific chipset versions not detailed in public advisory

Operating Systems: Android and other mobile OS using affected chipsets

Default Config Vulnerable: ⚠️ Yes

Notes: Requires VoLTE capability and network support. Affects mobile devices with vulnerable Qualcomm modem firmware.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete device compromise, data theft, or persistent backdoor installation.

🟠

Likely Case

Device crash or reboot causing denial of service during VoLTE calls.

🟢

If Mitigated

Limited impact if patched or if VoLTE is disabled.

🌐 Internet-Facing: HIGH - Can be triggered via malicious VoLTE calls from network.

🏢 Internal Only: LOW - Requires specific VoLTE call processing.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Exploitation requires ability to send malicious VoLTE calls to target device.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Refer to January 2024 Qualcomm security bulletin

Vendor Advisory: https://www.qualcomm.com/company/product-security/bulletins/january-2024-bulletin

Restart Required: Yes

Instructions:

1. Check device manufacturer for security updates. 2. Apply latest firmware/OS update from device vendor. 3. Reboot device after update.

🔧 Temporary Workarounds

Disable VoLTE

android

Turn off VoLTE capability to prevent exploitation via malicious calls

Settings > Network & Internet > Mobile network > VoLTE calls (toggle off)

🧯 If You Can't Patch

Disable VoLTE functionality in device settings
Use alternative communication methods (standard voice calls, VoIP apps)

🔍 How to Verify

Check if Vulnerable:

Check device chipset model and firmware version against Qualcomm advisory

Check Version:

Settings > About phone > Android security patch level

Verify Fix Applied:

Verify device has January 2024 or later security patches installed

📡 Detection & Monitoring

Log Indicators:

Modem crash logs
Unexpected VoLTE call failures
Kernel panic related to modem

Network Indicators:

Malformed SDP packets in VoLTE signaling

SIEM Query:

device_logs: "modem crash" OR "VoLTE failure" OR "SDP parsing error"

📊 Metadata

CVE ID: CVE-2023-33025

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-120

Published: January 2, 2024

Last Updated: November 21, 2024

🔗 References

https://www.qualcomm.com/company/product-security/bulletins/january-2024-bulletin Vendor Advisory
https://www.qualcomm.com/company/product-security/bulletins/january-2024-bulletin Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Ar8035 Firmware by Qualcomm

Fastconnect 6700 Firmware by Qualcomm

Fastconnect 6900 Firmware by Qualcomm

Qca8081 Firmware by Qualcomm

Qca8337 Firmware by Qualcomm

Qcm4490 Firmware by Qualcomm

Qcn6024 Firmware by Qualcomm

Qcn9024 Firmware by Qualcomm

Qcs4490 Firmware by Qualcomm

Sm4450 Firmware by Qualcomm

Snapdragon 680 4g Mobile Platform Firmware by Qualcomm

Snapdragon 685 4g Mobile Platform Firmware by Qualcomm

Snapdragon X65 5g Modem Rf System Firmware by Qualcomm

Snapdragon X70 Modem Rf System Firmware by Qualcomm

Wcd9370 Firmware by Qualcomm

Wcd9375 Firmware by Qualcomm

Wcd9380 Firmware by Qualcomm

Wcn3950 Firmware by Qualcomm

Wcn3988 Firmware by Qualcomm

Wsa8810 Firmware by Qualcomm

Wsa8815 Firmware by Qualcomm

Wsa8830 Firmware by Qualcomm

Wsa8832 Firmware by Qualcomm

Wsa8835 Firmware by Qualcomm