CVE-2023-33081
📋 TL;DR
CVE-2023-33081 is a buffer overflow vulnerability in Qualcomm chipsets that occurs when processing Target Wake Time (TWT) frame parameters in over-the-air broadcasts. This vulnerability allows attackers to cause a denial-of-service condition by sending specially crafted TWT frames. Affected systems include devices using vulnerable Qualcomm wireless chipsets.
💻 Affected Systems
- Qualcomm wireless chipsets with TWT support
📦 What is this software?
Immersive Home 214 Platform Firmware by Qualcomm
View all CVEs affecting Immersive Home 214 Platform Firmware →
Immersive Home 216 Platform Firmware by Qualcomm
View all CVEs affecting Immersive Home 216 Platform Firmware →
Immersive Home 316 Platform Firmware by Qualcomm
View all CVEs affecting Immersive Home 316 Platform Firmware →
Immersive Home 318 Platform Firmware by Qualcomm
View all CVEs affecting Immersive Home 318 Platform Firmware →
Immersive Home 3210 Platform Firmware by Qualcomm
View all CVEs affecting Immersive Home 3210 Platform Firmware →
Immersive Home 326 Platform Firmware by Qualcomm
View all CVEs affecting Immersive Home 326 Platform Firmware →
Snapdragon 8 Gen 2 Mobile Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 8 Gen 2 Mobile Platform Firmware →
Snapdragon 8 Gen 2 Mobile Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 8 Gen 2 Mobile Platform Firmware →
Snapdragon Ar2 Gen 1 Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon Ar2 Gen 1 Platform Firmware →
Snapdragon X55 5g Modem Rf System Firmware by Qualcomm
View all CVEs affecting Snapdragon X55 5g Modem Rf System Firmware →
Snapdragon X65 5g Modem Rf System Firmware by Qualcomm
View all CVEs affecting Snapdragon X65 5g Modem Rf System Firmware →
Snapdragon X75 5g Modem Rf System Firmware by Qualcomm
View all CVEs affecting Snapdragon X75 5g Modem Rf System Firmware →
⚠️ Risk & Real-World Impact
Worst Case
Complete system crash requiring hardware reset, potentially disrupting critical wireless communications and causing extended downtime.
Likely Case
Temporary denial-of-service affecting wireless connectivity until system automatically recovers or is manually restarted.
If Mitigated
Minimal impact with proper network segmentation and monitoring detecting anomalous TWT frame patterns.
🎯 Exploit Status
Exploitation requires sending specially crafted TWT frames to vulnerable devices, which can be done without authentication.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Refer to Qualcomm security bulletin for specific chipset firmware versions
Vendor Advisory: https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin
Restart Required: Yes
Instructions:
1. Check Qualcomm advisory for affected chipset models. 2. Obtain updated firmware from device manufacturer. 3. Apply firmware update following manufacturer instructions. 4. Reboot device to activate patch.
🔧 Temporary Workarounds
Disable TWT feature
linuxDisable Target Wake Time functionality to prevent processing of vulnerable frames
# Check current TWT status
iw dev wlan0 get twt
# Disable TWT
iw dev wlan0 set twt off
🧯 If You Can't Patch
- Implement network segmentation to isolate vulnerable devices
- Deploy wireless intrusion detection systems to monitor for anomalous TWT frame patterns
🔍 How to Verify
Check if Vulnerable:
Check chipset firmware version against Qualcomm's affected versions list in the security bulletinCheck Version:
# Check Qualcomm chipset firmware version
cat /sys/class/net/wlan0/device/firmware_versionVerify Fix Applied:
Verify firmware version has been updated to patched version and test TWT functionality📡 Detection & Monitoring
Log Indicators:
- System crashes or reboots following wireless frame processing
- Kernel panic logs related to wireless drivers
Network Indicators:
- Unusual TWT frame patterns or malformed TWT parameters in wireless traffic
SIEM Query:
wireless AND (TWT OR "Target Wake Time") AND (crash OR panic OR dos)