CVE-2023-33085

Q: What is the severity of CVE-2023-33085?

CVE-2023-33085 has a CVSS score of 7.8 (HIGH). This vulnerability involves memory corruption in Qualcomm wearable devices while processing data from the Always-On (AON) subsystem. Attackers could potentially execute arbitrary code or cause denial of service on affected wearables. The vulnerability affects Qualcomm-powered wearable devices with specific chipsets.

7.8 HIGH

Buffer Overflow

📋 TL;DR

This vulnerability involves memory corruption in Qualcomm wearable devices while processing data from the Always-On (AON) subsystem. Attackers could potentially execute arbitrary code or cause denial of service on affected wearables. The vulnerability affects Qualcomm-powered wearable devices with specific chipsets.

💻 Affected Systems

Products:

Qualcomm wearable chipsets (specific models not publicly detailed in advisory)

Versions: Specific firmware versions not publicly detailed; affects chipsets prior to January 2024 patches

Operating Systems: Wear OS, proprietary wearable operating systems using Qualcomm chipsets

Default Config Vulnerable: ⚠️ Yes

Notes: Affects wearables with Qualcomm chipsets that include AON subsystems. Exact device models not specified in public advisory.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution allowing complete device compromise, data theft, or persistent malware installation on wearable devices.

🟠

Likely Case

Device crash or reboot leading to denial of service, potentially requiring physical reset of the wearable device.

🟢

If Mitigated

Limited impact with proper network segmentation and device isolation, potentially only causing temporary service disruption.

🌐 Internet-Facing: MEDIUM

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Exploitation requires sending specially crafted data to the AON subsystem, but specific attack vectors are not publicly documented.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Firmware updates released in January 2024 security bulletin

Vendor Advisory: https://www.qualcomm.com/company/product-security/bulletins/january-2024-bulletin

Restart Required: Yes

Instructions:

1. Check with wearable device manufacturer for firmware updates. 2. Apply the latest firmware update from the device manufacturer. 3. Restart the wearable device after update installation.

🔧 Temporary Workarounds

Disable unnecessary connectivity features

all

Reduce attack surface by disabling Bluetooth, Wi-Fi, or other connectivity features when not needed

Limit device pairing

all

Only pair wearable with trusted devices and avoid public Bluetooth connections

🧯 If You Can't Patch

Isolate wearable devices on separate network segments
Implement strict Bluetooth pairing policies and monitor for unusual connection attempts

🔍 How to Verify

Check if Vulnerable:

Check wearable device firmware version against manufacturer's security bulletin. Contact device manufacturer for specific vulnerability status.

Check Version:

Check in device settings > About > Software information (exact path varies by device)

Verify Fix Applied:

Verify firmware version has been updated to January 2024 or later security patch level

📡 Detection & Monitoring

Log Indicators:

Unexpected device reboots
Bluetooth connection anomalies
Memory error logs in device diagnostics

Network Indicators:

Unusual Bluetooth traffic patterns
Multiple failed pairing attempts from unknown devices

SIEM Query:

Not applicable - wearables typically don't integrate with enterprise SIEM systems

📊 Metadata

CVE ID: CVE-2023-33085

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-120

Published: January 2, 2024

Last Updated: August 11, 2025

🔗 References

https://www.qualcomm.com/company/product-security/bulletins/january-2024-bulletin Patch,Vendor Advisory
https://www.qualcomm.com/company/product-security/bulletins/january-2024-bulletin Patch,Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Ar8035 Firmware by Qualcomm

Fastconnect 6200 Firmware by Qualcomm

Fastconnect 6700 Firmware by Qualcomm

Fastconnect 6900 Firmware by Qualcomm

Fastconnect 7800 Firmware by Qualcomm

Flight Rb5 5g Platform Firmware by Qualcomm

Qam8255p Firmware by Qualcomm

Qam8295p Firmware by Qualcomm

Qam8650p Firmware by Qualcomm

Qam8775p Firmware by Qualcomm

Qca6174a Firmware by Qualcomm

Qca6391 Firmware by Qualcomm

Qca6574 Firmware by Qualcomm

Qca6574a Firmware by Qualcomm

Qca6574au Firmware by Qualcomm

Qca6595 Firmware by Qualcomm

Qca6595au Firmware by Qualcomm

Qca6696 Firmware by Qualcomm

Qca6698aq Firmware by Qualcomm

Qca6797aq Firmware by Qualcomm

Qca8081 Firmware by Qualcomm

Qca8337 Firmware by Qualcomm

Qca9377 Firmware by Qualcomm

Qcm4325 Firmware by Qualcomm

Qcm6490 Firmware by Qualcomm

Qcn6024 Firmware by Qualcomm

Qcn9011 Firmware by Qualcomm

Qcn9012 Firmware by Qualcomm

Qcn9024 Firmware by Qualcomm

Qcs410 Firmware by Qualcomm

Qcs610 Firmware by Qualcomm

Qcs6490 Firmware by Qualcomm

Qcs8550 Firmware by Qualcomm

Qdu1000 Firmware by Qualcomm

Qdu1010 Firmware by Qualcomm

Qdu1110 Firmware by Qualcomm

Qdu1210 Firmware by Qualcomm

Qdx1010 Firmware by Qualcomm

Qdx1011 Firmware by Qualcomm

Qrb5165m Firmware by Qualcomm

Qrb5165n Firmware by Qualcomm

Qru1032 Firmware by Qualcomm

Qru1052 Firmware by Qualcomm

Qru1062 Firmware by Qualcomm

Robotics Rb5 Platform Firmware by Qualcomm

Sa4150p Firmware by Qualcomm

Sa4155p Firmware by Qualcomm

Sa6145p Firmware by Qualcomm

Sa6150p Firmware by Qualcomm

Sa6155p Firmware by Qualcomm

Sa8145p Firmware by Qualcomm

Sa8150p Firmware by Qualcomm

Sa8155p Firmware by Qualcomm

Sa8195p Firmware by Qualcomm

Sa8255p Firmware by Qualcomm

Sa8295p Firmware by Qualcomm

Sd888 Firmware by Qualcomm

Sdx55 Firmware by Qualcomm

Sg8275p Firmware by Qualcomm

Sm7315 Firmware by Qualcomm

Sm7325p Firmware by Qualcomm

Snapdragon 4 Gen 1 Mobile Platform Firmware by Qualcomm

Snapdragon 480 5g Mobile Platform Firmware by Qualcomm

Snapdragon 480 5g Mobile Platform Firmware by Qualcomm

Snapdragon 680 4g Mobile Platform Firmware by Qualcomm

Snapdragon 685 4g Mobile Platform Firmware by Qualcomm

Snapdragon 695 5g Mobile Platform Firmware by Qualcomm

Snapdragon 778g 5g Mobile Platform Firmware by Qualcomm

Snapdragon 778g 5g Mobile Platform Firmware by Qualcomm

Snapdragon 780g 5g Mobile Platform Firmware by Qualcomm

Snapdragon 782g Mobile Platform Firmware by Qualcomm

Snapdragon 7c\+ Gen 3 Compute Firmware by Qualcomm

Snapdragon 8 Gen 1 Mobile Platform Firmware by Qualcomm

Snapdragon 888 5g Mobile Platform Firmware by Qualcomm

Snapdragon 888 5g Mobile Platform Firmware by Qualcomm

Snapdragon Auto 5g Modem Rf Firmware by Qualcomm

Snapdragon W5\+ Gen 1 Wearable Platform Firmware by Qualcomm