CVE-2023-33043

Q: What is the severity of CVE-2023-33043?

CVE-2023-33043 has a CVSS score of 7.5 (HIGH). This vulnerability allows a denial-of-service (DoS) attack on Qualcomm modems when a beam switch request is made with a non-configured bandwidth part (BWP). It affects devices using Qualcomm modems with vulnerable firmware, primarily mobile devices and IoT equipment.

7.5 HIGH

Denial of Service

📋 TL;DR

This vulnerability allows a denial-of-service (DoS) attack on Qualcomm modems when a beam switch request is made with a non-configured bandwidth part (BWP). It affects devices using Qualcomm modems with vulnerable firmware, primarily mobile devices and IoT equipment.

💻 Affected Systems

Products:

Qualcomm modem chipsets

Versions: Specific firmware versions not publicly detailed; refer to Qualcomm advisory for exact versions.

Operating Systems: Android, Linux-based modem firmware

Default Config Vulnerable: ⚠️ Yes

Notes: Affects devices with vulnerable Qualcomm modem firmware; exact device models depend on manufacturer implementation.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete modem failure causing loss of cellular connectivity until device restart, potentially affecting emergency services access.

🟠

Likely Case

Temporary loss of cellular data/voice connectivity requiring device reboot to restore functionality.

🟢

If Mitigated

Minimal impact with proper network segmentation and monitoring; isolated to affected device only.

🌐 Internet-Facing: MEDIUM - Requires proximity to target device and specialized equipment/knowledge to exploit.

🏢 Internal Only: LOW - Typically requires physical proximity or compromised network access to target device.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: HIGH

Exploitation requires specialized knowledge of modem protocols and likely physical proximity or network-level access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Refer to device manufacturer updates; Qualcomm has provided fixes to OEMs.

Vendor Advisory: https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin

Restart Required: Yes

Instructions:

1. Check with device manufacturer for security updates. 2. Apply available firmware updates. 3. Reboot device after update installation.

🔧 Temporary Workarounds

Network segmentation

all

Isolate vulnerable devices from untrusted networks to reduce attack surface.

Monitor for unusual modem behavior

all

Implement monitoring for modem disconnections or failures.

🧯 If You Can't Patch

Isolate affected devices on separate network segments
Implement strict physical access controls for vulnerable devices

🔍 How to Verify

Check if Vulnerable:

Check device firmware version against manufacturer security bulletins; no direct command available.

Check Version:

Device-specific; typically in Settings > About Phone > Baseband Version or similar.

Verify Fix Applied:

Verify firmware version has been updated to patched version from manufacturer.

📡 Detection & Monitoring

Log Indicators:

Unexpected modem resets
Beam switch failure logs
Modem connectivity loss events

Network Indicators:

Sudden loss of cellular connectivity in monitored devices
Abnormal beam switching patterns

SIEM Query:

Search for modem failure events or baseband resets in device logs.

📊 Metadata

CVE ID: CVE-2023-33043

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-617

Published: December 5, 2023

Last Updated: August 11, 2025

🔗 References

https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin Vendor Advisory
https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Ar8035 Firmware by Qualcomm

Qca6391 Firmware by Qualcomm

Qca8081 Firmware by Qualcomm

Qca8337 Firmware by Qualcomm

Qcm4490 Firmware by Qualcomm

Qcm6490 Firmware by Qualcomm

Qcm8550 Firmware by Qualcomm

Qcn6024 Firmware by Qualcomm

Qcn9024 Firmware by Qualcomm

Qcs4490 Firmware by Qualcomm

Qcs6490 Firmware by Qualcomm

Qcs8550 Firmware by Qualcomm

Sd888 Firmware by Qualcomm

Sdx57m Firmware by Qualcomm

Sm4350 Ac Firmware by Qualcomm

Sm4350 Firmware by Qualcomm

Sm4375 Firmware by Qualcomm

Sm6375 Firmware by Qualcomm

Sm7315 Firmware by Qualcomm

Sm7325 Ae Firmware by Qualcomm

Sm7325 Af Firmware by Qualcomm

Sm7325p Firmware by Qualcomm

Sm7350 Ab Firmware by Qualcomm

Sm8350 Ac Firmware by Qualcomm

Sm8350 Firmware by Qualcomm

Sm8450 Firmware by Qualcomm

Sm8475 Firmware by Qualcomm

Sm8550p Firmware by Qualcomm

Snapdragon 4 Gen 2 Mobile Platform Firmware by Qualcomm

Snapdragon 7c\+ Gen 3 Compute Firmware by Qualcomm

Snapdragon 8 Gen 2 Mobile Platform Firmware by Qualcomm

Snapdragon 8 Gen 2 Mobile Platform Firmware by Qualcomm

Snapdragon X65 5g Modem Rf System Firmware by Qualcomm

Snapdragon X70 Modem Rf System Firmware by Qualcomm

Video Collaboration Vc3 Platform Firmware by Qualcomm

Wcd9370 Firmware by Qualcomm

Wcd9375 Firmware by Qualcomm

Wcd9380 Firmware by Qualcomm

Wcd9385 Firmware by Qualcomm

Wcd9390 Firmware by Qualcomm

Wcd9395 Firmware by Qualcomm

Wcn3950 Firmware by Qualcomm

Wcn3988 Firmware by Qualcomm

Wcn3991 Firmware by Qualcomm

Wcn3998 Firmware by Qualcomm

Wcn6740 Firmware by Qualcomm

Wcn6750 Firmware by Qualcomm

Wcn685x 1 Firmware by Qualcomm

Wcn685x 5 Firmware by Qualcomm

Wcn785x 1 Firmware by Qualcomm

Wcn785x 5 Firmware by Qualcomm

Wsa8810 Firmware by Qualcomm

Wsa8815 Firmware by Qualcomm

Wsa8830 Firmware by Qualcomm

Wsa8832 Firmware by Qualcomm

Wsa8835 Firmware by Qualcomm

Wsa8840 Firmware by Qualcomm

Wsa8845 Firmware by Qualcomm

Wsa8845h Firmware by Qualcomm