CVE-2023-33087
📋 TL;DR
This vulnerability involves memory corruption in Qualcomm's Core component while processing RX intent requests, potentially allowing attackers to execute arbitrary code or cause denial of service. It affects devices using vulnerable Qualcomm chipsets, primarily mobile devices and IoT products.
💻 Affected Systems
- Qualcomm chipsets with vulnerable Core component
📦 What is this software?
Flight Rb5 5g Platform Firmware by Qualcomm
Snapdragon 4 Gen 2 Mobile Platform Firmware by Qualcomm
Snapdragon 8 Gen 1 Mobile Platform Firmware by Qualcomm
Snapdragon 8 Gen 2 Mobile Platform Firmware by Qualcomm
Snapdragon Ar2 Gen 1 Platform Firmware by Qualcomm
Snapdragon Auto 5g Modem Rf Firmware by Qualcomm
Snapdragon Auto 5g Modem Rf Gen 2 Firmware by Qualcomm
Snapdragon W5+ Gen 1 Wearable Platform Firmware by Qualcomm
Snapdragon X75 5g Modem Rf System Firmware by Qualcomm
Video Collaboration Vc1 Platform Firmware by Qualcomm
Video Collaboration Vc3 Platform Firmware by Qualcomm
⚠️ Risk & Real-World Impact
Worst Case
Remote code execution leading to complete device compromise, data theft, or persistent backdoor installation
Likely Case
Device crash/reboot (denial of service) or limited code execution in privileged context
If Mitigated
No impact if patched or if exploit attempts are blocked by network controls
🎯 Exploit Status
Memory corruption vulnerabilities often require specific conditions to exploit reliably; no public exploit available as of advisory date
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Refer to device manufacturer updates; Qualcomm provides fixes to OEMs
Vendor Advisory: https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin
Restart Required: Yes
Instructions:
1. Check with device manufacturer for security updates
2. Apply available firmware/OS updates
3. Reboot device after update
🔧 Temporary Workarounds
Network segmentation
all: Isolate affected devices from untrusted networks to reduce attack surface
Disable unnecessary wireless interfaces
all: Turn off Bluetooth/Wi-Fi when not needed to limit attack vectors
🧯 If You Can't Patch
- Segment affected devices in isolated network zones
- Implement strict network access controls and monitor for anomalous behavior
🔍 How to Verify
Check if Vulnerable:
Check device firmware version against manufacturer's security bulletin; no direct command available
Check Version:
Device-specific (e.g., Android: Settings > About phone > Build number)
Verify Fix Applied:
Verify latest security patches are installed and device reports updated firmware version
📡 Detection & Monitoring
Log Indicators:
- Unexpected device reboots
- Kernel panic logs
- Memory corruption errors in system logs
Network Indicators:
- Unusual Bluetooth/Wi-Fi connection attempts to affected devices
- Anomalous network traffic patterns
SIEM Query:
Device logs showing repeated crashes or memory errors from Qualcomm chipset devices