CVE-2023-33079

Q: What is the severity of CVE-2023-33079?

CVE-2023-33079 has a CVSS score of 7.8 (HIGH). This vulnerability allows memory corruption in the Audio subsystem when processing invalid audio recording data from the ADSP (Audio Digital Signal Processor). It affects Qualcomm devices with vulnerable audio components, potentially allowing attackers to execute arbitrary code or cause denial of service.

7.8 HIGH

📋 TL;DR

This vulnerability allows memory corruption in the Audio subsystem when processing invalid audio recording data from the ADSP (Audio Digital Signal Processor). It affects Qualcomm devices with vulnerable audio components, potentially allowing attackers to execute arbitrary code or cause denial of service.

💻 Affected Systems

Products:

Qualcomm chipsets with ADSP audio components

Versions: Specific versions not publicly detailed in references; affected by December 2023 Qualcomm security bulletin

Operating Systems: Android and other mobile/embedded OS using Qualcomm chipsets

Default Config Vulnerable: ⚠️ Yes

Notes: Affects devices with Qualcomm audio processing components; exact chipset models not specified in provided references

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution with kernel privileges leading to complete device compromise, data theft, or persistent malware installation.

🟠

Likely Case

Local privilege escalation allowing attackers to gain elevated permissions on the device, potentially leading to data access or further system compromise.

🟢

If Mitigated

Denial of service causing audio functionality disruption or system instability without code execution.

🌐 Internet-Facing: LOW with brief explanation

🏢 Internal Only: HIGH with brief explanation

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Requires local access or ability to trigger invalid audio recording; memory corruption vulnerabilities often require specific conditions to exploit reliably

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Patches included in December 2023 Qualcomm security updates

Vendor Advisory: https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin

Restart Required: Yes

Instructions:

1. Check with device manufacturer for available security updates. 2. Apply December 2023 or later Qualcomm security patches. 3. Reboot device after patch installation.

🔧 Temporary Workarounds

Disable unnecessary audio recording

all

Restrict audio recording permissions to essential applications only

Application sandboxing

all

Ensure audio processing applications run with minimal privileges

🧯 If You Can't Patch

Isolate affected devices from untrusted networks
Implement strict application control to prevent unauthorized audio processing

🔍 How to Verify

Check if Vulnerable:

Check device security patch level; if before December 2023 Qualcomm patches, likely vulnerable

Check Version:

On Android: Settings > About phone > Android security patch level

Verify Fix Applied:

Verify security patch level includes December 2023 or later Qualcomm updates

📡 Detection & Monitoring

Log Indicators:

Audio service crashes
ADSP subsystem errors
Memory access violation logs

Network Indicators:

Unusual audio data transmission patterns

SIEM Query:

Example: 'audio service crash' OR 'ADSP error' OR 'memory corruption audio'

📊 Metadata

CVE ID: CVE-2023-33079

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-823

Published: December 5, 2023

Last Updated: August 11, 2025

🔗 References

https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin Patch,Vendor Advisory
https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin Patch,Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Apq5053 Aa Firmware by Qualcomm

Ar8035 Firmware by Qualcomm

Csra6620 Firmware by Qualcomm

Csra6640 Firmware by Qualcomm

Flight Rb5 5g Platform Firmware by Qualcomm

Qam8255p Firmware by Qualcomm

Qam8295p Firmware by Qualcomm

Qam8650p Firmware by Qualcomm

Qam8775p Firmware by Qualcomm

Qca6390 Firmware by Qualcomm

Qca6391 Firmware by Qualcomm

Qca6426 Firmware by Qualcomm

Qca6436 Firmware by Qualcomm

Qca6574 Firmware by Qualcomm

Qca6574a Firmware by Qualcomm

Qca6574au Firmware by Qualcomm

Qca6584au Firmware by Qualcomm

Qca6595 Firmware by Qualcomm

Qca6595au Firmware by Qualcomm

Qca6696 Firmware by Qualcomm

Qca6698aq Firmware by Qualcomm

Qca6797aq Firmware by Qualcomm

Qca8081 Firmware by Qualcomm

Qca8337 Firmware by Qualcomm

Qcc710 Firmware by Qualcomm

Qcm2290 Firmware by Qualcomm

Qcm4290 Firmware by Qualcomm

Qcm4325 Firmware by Qualcomm

Qcm5430 Firmware by Qualcomm

Qcm6490 Firmware by Qualcomm

Qcm8550 Firmware by Qualcomm

Qcn6224 Firmware by Qualcomm

Qcn6274 Firmware by Qualcomm

Qcn9011 Firmware by Qualcomm

Qcn9012 Firmware by Qualcomm

Qcs2290 Firmware by Qualcomm

Qcs410 Firmware by Qualcomm

Qcs4290 Firmware by Qualcomm

Qcs5430 Firmware by Qualcomm

Qcs610 Firmware by Qualcomm

Qcs6490 Firmware by Qualcomm

Qcs7230 Firmware by Qualcomm

Qcs8250 Firmware by Qualcomm

Qcs8550 Firmware by Qualcomm

Qfw7114 Firmware by Qualcomm

Qfw7124 Firmware by Qualcomm

Qm215 Firmware by Qualcomm

Qrb5165 Firmware by Qualcomm

Qrb5165m Firmware by Qualcomm

Qrb5165n Firmware by Qualcomm

Sa4150p Firmware by Qualcomm

Sa4155p Firmware by Qualcomm

Sa6145p Firmware by Qualcomm

Sa6150p Firmware by Qualcomm

Sa6155p Firmware by Qualcomm

Sa8145p Firmware by Qualcomm

Sa8150p Firmware by Qualcomm

Sa8155p Firmware by Qualcomm

Sa8195p Firmware by Qualcomm

Sa8255p Firmware by Qualcomm

Sa8295p Firmware by Qualcomm

Sa8770p Firmware by Qualcomm

Sa8775p Firmware by Qualcomm

Sa9000p Firmware by Qualcomm

Sd660 Firmware by Qualcomm

Sd865 5g Firmware by Qualcomm

Sd888 Firmware by Qualcomm

Sg4150p Firmware by Qualcomm

Sg8275p Firmware by Qualcomm

Sm4125 Firmware by Qualcomm

Sm4250 Aa Firmware by Qualcomm

Sm4350 Ac Firmware by Qualcomm

Sm4375 Firmware by Qualcomm

Sm6225 Ad Firmware by Qualcomm

Sm6225 Firmware by Qualcomm

Sm6350 Firmware by Qualcomm

Sm6375 Firmware by Qualcomm