CVE-2023-33053

Q: What is the severity of CVE-2023-33053?

CVE-2023-33053 has a CVSS score of 8.4 (HIGH). This vulnerability allows memory corruption in Qualcomm kernel components when parsing metadata, potentially enabling local privilege escalation or denial of service. It affects devices with Qualcomm chipsets, particularly Android smartphones and IoT devices.

8.4 HIGH

📋 TL;DR

This vulnerability allows memory corruption in Qualcomm kernel components when parsing metadata, potentially enabling local privilege escalation or denial of service. It affects devices with Qualcomm chipsets, particularly Android smartphones and IoT devices.

💻 Affected Systems

Products:

Qualcomm chipsets with affected kernel components
Android devices using Qualcomm SoCs
IoT devices with Qualcomm processors

Versions: Specific affected versions detailed in Qualcomm December 2023 bulletin

Operating Systems: Android, Linux-based systems with Qualcomm kernel drivers

Default Config Vulnerable: ⚠️ Yes

Notes: Vulnerability is in Qualcomm kernel components, so impact depends on device manufacturers implementing patches.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full device compromise via kernel privilege escalation leading to root access, persistent backdoor installation, or complete system crash.

🟠

Likely Case

Local privilege escalation allowing attackers to gain elevated permissions on compromised devices.

🟢

If Mitigated

Limited impact with proper kernel hardening, SELinux policies, and restricted user access preventing exploitation.

🌐 Internet-Facing: LOW - This is a local kernel vulnerability requiring local access or a separate remote vector to trigger.

🏢 Internal Only: MEDIUM - Malicious insiders or compromised user accounts could exploit this for privilege escalation.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Requires local access and kernel exploitation knowledge. No public exploits known as of advisory publication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Patches available in Qualcomm December 2023 security bulletin

Vendor Advisory: https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin

Restart Required: Yes

Instructions:

1. Check Qualcomm December 2023 bulletin for specific patch details. 2. Contact device manufacturer for firmware updates. 3. Apply kernel patches through official vendor channels. 4. Reboot device after patch installation.

🔧 Temporary Workarounds

Restrict local user access

all

Limit user accounts and applications with kernel access capabilities

Enable SELinux enforcing mode

linux

Strengthen kernel security policies to limit exploitation impact

setenforce 1
getenforce

🧯 If You Can't Patch

Implement strict access controls to limit local user privileges
Monitor for unusual kernel activity and privilege escalation attempts

🔍 How to Verify

Check if Vulnerable:

Check kernel version and Qualcomm component versions against December 2023 bulletin

Check Version:

uname -a (for kernel version)

Verify Fix Applied:

Verify kernel version has been updated to patched version from manufacturer

📡 Detection & Monitoring

Log Indicators:

Kernel panic logs
Unexpected privilege escalation attempts
Abnormal kernel module loading

Network Indicators:

None - this is a local vulnerability

SIEM Query:

Search for kernel panic events or privilege escalation patterns in system logs

📊 Metadata

CVE ID: CVE-2023-33053

CVSS v3 Score: 8.4 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-129

Published: December 5, 2023

Last Updated: August 11, 2025

🔗 References

https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin Patch,Vendor Advisory
https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin Patch,Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Csr8811 Firmware by Qualcomm

Immersive Home 214 Platform Firmware by Qualcomm

Immersive Home 216 Platform Firmware by Qualcomm

Immersive Home 316 Platform Firmware by Qualcomm

Immersive Home 318 Platform Firmware by Qualcomm

Immersive Home 3210 Platform Firmware by Qualcomm

Immersive Home 326 Platform Firmware by Qualcomm

Ipq5010 Firmware by Qualcomm

Ipq5028 Firmware by Qualcomm

Ipq5332 Firmware by Qualcomm

Ipq6000 Firmware by Qualcomm

Ipq6010 Firmware by Qualcomm

Ipq6018 Firmware by Qualcomm

Ipq6028 Firmware by Qualcomm

Ipq8070a Firmware by Qualcomm

Ipq8071a Firmware by Qualcomm

Ipq8072a Firmware by Qualcomm

Ipq8074a Firmware by Qualcomm

Ipq8076 Firmware by Qualcomm

Ipq8076a Firmware by Qualcomm

Ipq8078 Firmware by Qualcomm

Ipq8078a Firmware by Qualcomm

Ipq8173 Firmware by Qualcomm

Ipq8174 Firmware by Qualcomm

Ipq9008 Firmware by Qualcomm

Ipq9554 Firmware by Qualcomm

Ipq9570 Firmware by Qualcomm

Ipq9574 Firmware by Qualcomm

Qam8255p Firmware by Qualcomm

Qam8295p Firmware by Qualcomm

Qam8650p Firmware by Qualcomm

Qam8775p Firmware by Qualcomm

Qca0000 Firmware by Qualcomm

Qca4024 Firmware by Qualcomm

Qca6174a Firmware by Qualcomm

Qca6574 Firmware by Qualcomm

Qca6574a Firmware by Qualcomm

Qca6574au Firmware by Qualcomm

Qca6595 Firmware by Qualcomm

Qca6595au Firmware by Qualcomm

Qca6696 Firmware by Qualcomm

Qca6698aq Firmware by Qualcomm

Qca6797aq Firmware by Qualcomm

Qca8075 Firmware by Qualcomm

Qca8081 Firmware by Qualcomm

Qca8082 Firmware by Qualcomm

Qca8084 Firmware by Qualcomm

Qca8085 Firmware by Qualcomm

Qca8386 Firmware by Qualcomm

Qca9377 Firmware by Qualcomm

Qca9888 Firmware by Qualcomm

Qca9889 Firmware by Qualcomm

Qcf8000 Firmware by Qualcomm

Qcf8001 Firmware by Qualcomm

Qcm6490 Firmware by Qualcomm

Qcn5022 Firmware by Qualcomm

Qcn5024 Firmware by Qualcomm

Qcn5052 Firmware by Qualcomm

Qcn5122 Firmware by Qualcomm

Qcn5124 Firmware by Qualcomm

Qcn5152 Firmware by Qualcomm

Qcn5154 Firmware by Qualcomm

Qcn5164 Firmware by Qualcomm

Qcn6023 Firmware by Qualcomm

Qcn6024 Firmware by Qualcomm

Qcn6112 Firmware by Qualcomm

Qcn6122 Firmware by Qualcomm

Qcn6132 Firmware by Qualcomm

Qcn9000 Firmware by Qualcomm

Qcn9012 Firmware by Qualcomm

Qcn9013 Firmware by Qualcomm

Qcn9022 Firmware by Qualcomm

Qcn9024 Firmware by Qualcomm

Qcn9070 Firmware by Qualcomm

Qcn9072 Firmware by Qualcomm

Qcn9074 Firmware by Qualcomm

Qcn9100 Firmware by Qualcomm