CVE-2023-33034

Q: What is the severity of CVE-2023-33034?

CVE-2023-33034 has a CVSS score of 7.8 (HIGH). This vulnerability allows memory corruption while parsing ADSP response commands in Qualcomm chipsets, potentially enabling remote code execution. It affects devices using vulnerable Qualcomm components, primarily mobile devices and IoT products.

7.8 HIGH

📋 TL;DR

This vulnerability allows memory corruption while parsing ADSP response commands in Qualcomm chipsets, potentially enabling remote code execution. It affects devices using vulnerable Qualcomm components, primarily mobile devices and IoT products.

💻 Affected Systems

Products:

Qualcomm chipsets with ADSP components
Devices using affected Qualcomm chipsets

Versions: Multiple Qualcomm chipset versions prior to October 2023 patches

Operating Systems: Android, Linux-based embedded systems

Default Config Vulnerable: ⚠️ Yes

Notes: Affects devices with Qualcomm chipsets that include ADSP functionality. Specific chipset models listed in Qualcomm advisory.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote attacker gains full control of affected device, potentially leading to data theft, surveillance, or device compromise.

🟠

Likely Case

Local privilege escalation or denial of service attacks on vulnerable devices.

🟢

If Mitigated

Limited impact with proper network segmentation and exploit mitigations in place.

🌐 Internet-Facing: MEDIUM - Requires specific conditions but could be exploited remotely in certain configurations.

🏢 Internal Only: HIGH - Easier to exploit in controlled environments with direct access to vulnerable components.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires specific conditions and knowledge of ADSP communication protocols.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Qualcomm October 2023 security updates

Vendor Advisory: https://www.qualcomm.com/company/product-security/bulletins/october-2023-bulletin

Restart Required: Yes

Instructions:

1. Check device manufacturer for available updates. 2. Apply Qualcomm October 2023 security patches. 3. Reboot device after patch installation.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate devices with vulnerable chipsets from untrusted networks

Disable Unnecessary Services

linux

Disable ADSP-related services if not required for device functionality

🧯 If You Can't Patch

Implement strict network access controls to limit exposure
Monitor for unusual ADSP-related process behavior

🔍 How to Verify

Check if Vulnerable:

Check device chipset version and compare against Qualcomm October 2023 advisory

Check Version:

adb shell getprop ro.boot.qcom.version (for Android devices)

Verify Fix Applied:

Verify device has October 2023 or later Qualcomm security patches installed

📡 Detection & Monitoring

Log Indicators:

Unusual ADSP process crashes
Memory corruption errors in system logs

Network Indicators:

Unexpected ADSP protocol traffic
Unusual inter-process communication patterns

SIEM Query:

source="system_logs" AND ("ADSP" OR "Qualcomm") AND ("crash" OR "corruption")

📊 Metadata

CVE ID: CVE-2023-33034

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-195

Published: October 3, 2023

Last Updated: August 11, 2025

🔗 References

https://www.qualcomm.com/company/product-security/bulletins/october-2023-bulletin Patch,Vendor Advisory
https://www.qualcomm.com/company/product-security/bulletins/october-2023-bulletin Patch,Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Apq5053 Aa Firmware by Qualcomm

Csra6620 Firmware by Qualcomm

Csra6640 Firmware by Qualcomm

Flight Rb5 5g Platform Firmware by Qualcomm

Qam8295p Firmware by Qualcomm

Qca6391 Firmware by Qualcomm

Qca6574au Firmware by Qualcomm

Qca6595 Firmware by Qualcomm

Qca6595au Firmware by Qualcomm

Qca6696 Firmware by Qualcomm

Qca6698aq Firmware by Qualcomm

Qcm6490 Firmware by Qualcomm

Qcn9011 Firmware by Qualcomm

Qcn9012 Firmware by Qualcomm

Qcs410 Firmware by Qualcomm

Qcs610 Firmware by Qualcomm

Qcs6490 Firmware by Qualcomm

Qrb5165m Firmware by Qualcomm

Qrb5165n Firmware by Qualcomm

Robotics Rb5 Platform Firmware by Qualcomm

Sa4150p Firmware by Qualcomm

Sa4155p Firmware by Qualcomm

Sa6145p Firmware by Qualcomm

Sa6150p Firmware by Qualcomm

Sa6155p Firmware by Qualcomm

Sa8145p Firmware by Qualcomm

Sa8150p Firmware by Qualcomm

Sa8155p Firmware by Qualcomm

Sa8195p Firmware by Qualcomm

Sa8295p Firmware by Qualcomm

Sd888 Firmware by Qualcomm

Sm4350 Ac Firmware by Qualcomm

Sm4375 Firmware by Qualcomm

Sm6375 Firmware by Qualcomm

Sm7315 Firmware by Qualcomm

Sm7325 Ae Firmware by Qualcomm

Sm7325 Af Firmware by Qualcomm

Sm7325 Firmware by Qualcomm

Sm7325p Firmware by Qualcomm

Sm7350 Ab Firmware by Qualcomm

Sm8350 Ac Firmware by Qualcomm

Sm8350 Firmware by Qualcomm

Snapdragon 7c\+ Gen 3 Compute Firmware by Qualcomm

Video Collaboration Vc1 Platform Firmware by Qualcomm

Video Collaboration Vc3 Platform Firmware by Qualcomm

Wcd9335 Firmware by Qualcomm

Wcd9341 Firmware by Qualcomm

Wcd9370 Firmware by Qualcomm

Wcd9375 Firmware by Qualcomm

Wcd9380 Firmware by Qualcomm

Wcd9385 Firmware by Qualcomm

Wcn3950 Firmware by Qualcomm

Wcn3980 Firmware by Qualcomm

Wcn3988 Firmware by Qualcomm

Wcn3991 Firmware by Qualcomm

Wcn3998 Firmware by Qualcomm

Wcn6740 Firmware by Qualcomm

Wcn6750 Firmware by Qualcomm

Wcn685x 1 Firmware by Qualcomm

Wcn685x 5 Firmware by Qualcomm

Wsa8810 Firmware by Qualcomm

Wsa8815 Firmware by Qualcomm

Wsa8830 Firmware by Qualcomm

Wsa8835 Firmware by Qualcomm