CVE-2023-33089

Q: What is the severity of CVE-2023-33089?

CVE-2023-33089 has a CVSS score of 7.5 (HIGH). This vulnerability allows attackers to cause a denial-of-service (DoS) condition by sending specially crafted WLAN packets that trigger a NULL pointer dereference in the wireless driver. It affects devices with Qualcomm WLAN chipsets, particularly mobile devices, routers, and IoT products using vulnerable firmware versions.

7.5 HIGH

Denial of Service

📋 TL;DR

This vulnerability allows attackers to cause a denial-of-service (DoS) condition by sending specially crafted WLAN packets that trigger a NULL pointer dereference in the wireless driver. It affects devices with Qualcomm WLAN chipsets, particularly mobile devices, routers, and IoT products using vulnerable firmware versions.

💻 Affected Systems

Products:

Qualcomm WLAN chipsets
Devices with Qualcomm wireless components
Mobile devices
Routers
IoT devices

Versions: Specific vulnerable firmware versions listed in Qualcomm December 2023 bulletin

Operating Systems: Android, Linux-based systems, Embedded systems

Default Config Vulnerable: ⚠️ Yes

Notes: Affects devices with WLAN functionality enabled; exact chipset models and firmware versions vary by manufacturer implementation.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system crash requiring physical reboot, potentially disrupting critical wireless services and causing extended downtime.

🟠

Likely Case

Temporary wireless connectivity loss affecting affected devices until system restarts or recovers.

🟢

If Mitigated

Minimal impact with proper network segmentation and monitoring; isolated to affected wireless interfaces only.

🌐 Internet-Facing: MEDIUM - Requires attacker to be within wireless range or have network access to vulnerable interface.

🏢 Internal Only: MEDIUM - Internal wireless networks could be disrupted, but requires proximity or network access.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploitation requires sending malformed WLAN packets to vulnerable interface; no authentication needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Firmware updates specified in Qualcomm December 2023 security bulletin

Vendor Advisory: https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin

Restart Required: Yes

Instructions:

1. Check device manufacturer for security updates. 2. Apply Qualcomm-provided firmware patches. 3. Reboot device after patching. 4. Verify patch installation.

🔧 Temporary Workarounds

Disable vulnerable WLAN interfaces

linux

Temporarily disable wireless functionality if not required

sudo ifconfig wlan0 down
sudo systemctl stop wpa_supplicant

Network segmentation

all

Isolate wireless networks from critical infrastructure

🧯 If You Can't Patch

Implement strict network access controls to limit who can send packets to WLAN interfaces
Deploy network monitoring for abnormal WLAN traffic patterns and implement rate limiting

🔍 How to Verify

Check if Vulnerable:

Check device firmware version against Qualcomm advisory; examine system logs for WLAN driver crashes.

Check Version:

cat /proc/version or manufacturer-specific firmware check commands

Verify Fix Applied:

Verify firmware version has been updated to patched version; monitor for absence of WLAN driver crashes.

📡 Detection & Monitoring

Log Indicators:

Kernel panic messages
WLAN driver crash logs
NULL pointer dereference errors in system logs

Network Indicators:

Unusual WLAN packet patterns
Multiple connection attempts to wireless interfaces
Abnormal broadcast/multicast traffic

SIEM Query:

source="kernel" AND "NULL pointer" AND ("WLAN" OR "wireless")

📊 Metadata

CVE ID: CVE-2023-33089

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-476

Published: December 5, 2023

Last Updated: August 11, 2025

🔗 References

https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin Vendor Advisory
https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

315 5g Iot Modem Firmware by Qualcomm

Aqt1000 Firmware by Qualcomm

Ar8035 Firmware by Qualcomm

Ar9380 Firmware by Qualcomm

Csr8811 Firmware by Qualcomm

Csrb31024 Firmware by Qualcomm

Fastconnect 6200 Firmware by Qualcomm

Fastconnect 6700 Firmware by Qualcomm

Fastconnect 6800 Firmware by Qualcomm

Fastconnect 6900 Firmware by Qualcomm

Fastconnect 7800 Firmware by Qualcomm

Flight Rb5 5g Platform Firmware by Qualcomm

Immersive Home 214 Platform Firmware by Qualcomm

Immersive Home 216 Platform Firmware by Qualcomm

Immersive Home 316 Platform Firmware by Qualcomm

Immersive Home 318 Platform Firmware by Qualcomm

Immersive Home 3210 Platform Firmware by Qualcomm

Immersive Home 326 Platform Firmware by Qualcomm

Ipq5010 Firmware by Qualcomm

Ipq5028 Firmware by Qualcomm

Ipq5332 Firmware by Qualcomm

Ipq6000 Firmware by Qualcomm

Ipq6010 Firmware by Qualcomm

Ipq6018 Firmware by Qualcomm

Ipq6028 Firmware by Qualcomm

Ipq8064 Firmware by Qualcomm

Ipq8065 Firmware by Qualcomm

Ipq8068 Firmware by Qualcomm

Ipq8070 Firmware by Qualcomm

Ipq8070a Firmware by Qualcomm

Ipq8071a Firmware by Qualcomm

Ipq8072a Firmware by Qualcomm

Ipq8074a Firmware by Qualcomm

Ipq8076 Firmware by Qualcomm

Ipq8076a Firmware by Qualcomm

Ipq8078 Firmware by Qualcomm

Ipq8078a Firmware by Qualcomm

Ipq8173 Firmware by Qualcomm

Ipq8174 Firmware by Qualcomm

Ipq9008 Firmware by Qualcomm

Ipq9554 Firmware by Qualcomm

Ipq9570 Firmware by Qualcomm

Ipq9574 Firmware by Qualcomm

Pmp8074 Firmware by Qualcomm

Qam8255p Firmware by Qualcomm

Qam8295p Firmware by Qualcomm

Qam8650p Firmware by Qualcomm

Qam8775p Firmware by Qualcomm

Qca0000 Firmware by Qualcomm

Qca1062 Firmware by Qualcomm

Qca1064 Firmware by Qualcomm

Qca2062 Firmware by Qualcomm

Qca2064 Firmware by Qualcomm

Qca2065 Firmware by Qualcomm

Qca2066 Firmware by Qualcomm

Qca4024 Firmware by Qualcomm

Qca6391 Firmware by Qualcomm

Qca6420 Firmware by Qualcomm

Qca6421 Firmware by Qualcomm

Qca6426 Firmware by Qualcomm

Qca6430 Firmware by Qualcomm

Qca6431 Firmware by Qualcomm

Qca6436 Firmware by Qualcomm

Qca6554a Firmware by Qualcomm

Qca6564au Firmware by Qualcomm

Qca6574 Firmware by Qualcomm

Qca6574a Firmware by Qualcomm

Qca6574au Firmware by Qualcomm

Qca6584au Firmware by Qualcomm

Qca6595 Firmware by Qualcomm

Qca6595au Firmware by Qualcomm

Qca6678aq Firmware by Qualcomm

Qca6696 Firmware by Qualcomm

Qca6698aq Firmware by Qualcomm

Qca6797aq Firmware by Qualcomm

Qca8072 Firmware by Qualcomm

Qca8075 Firmware by Qualcomm