CVE-2023-33099

7.5 HIGH

Denial of Service

📋 TL;DR

This vulnerability allows a denial-of-service (DoS) attack on 5G NR (New Radio) devices by sending specially crafted SMS messages with non-standard container sizes. It affects mobile devices using Qualcomm chipsets with vulnerable firmware. Attackers can temporarily disrupt cellular connectivity on targeted devices.

💻 Affected Systems

Products:

• Qualcomm Snapdragon mobile platforms
• 5G NR devices with Qualcomm modems

Versions: Specific firmware versions not publicly detailed; refer to Qualcomm security bulletin for affected versions.

Operating Systems: Android and other mobile OS using Qualcomm chipsets

Default Config Vulnerable: ⚠️ Yes

Notes: Affects devices with vulnerable Qualcomm firmware; exact device models depend on chipset and firmware version.

📦 What is this software?

315 5g Iot Modem Firmware by Qualcomm

View all CVEs affecting 315 5g Iot Modem Firmware →

Ar8035 Firmware by Qualcomm

View all CVEs affecting Ar8035 Firmware →

Fastconnect 6200 Firmware by Qualcomm

View all CVEs affecting Fastconnect 6200 Firmware →

Fastconnect 6700 Firmware by Qualcomm

View all CVEs affecting Fastconnect 6700 Firmware →

Fastconnect 6800 Firmware by Qualcomm

View all CVEs affecting Fastconnect 6800 Firmware →

Fastconnect 6900 Firmware by Qualcomm

View all CVEs affecting Fastconnect 6900 Firmware →

Fastconnect 7800 Firmware by Qualcomm

View all CVEs affecting Fastconnect 7800 Firmware →

Qca6174a Firmware by Qualcomm

View all CVEs affecting Qca6174a Firmware →

Qca6391 Firmware by Qualcomm

View all CVEs affecting Qca6391 Firmware →

Qca6421 Firmware by Qualcomm

View all CVEs affecting Qca6421 Firmware →

Qca6426 Firmware by Qualcomm

View all CVEs affecting Qca6426 Firmware →

Qca6431 Firmware by Qualcomm

View all CVEs affecting Qca6431 Firmware →

Qca6436 Firmware by Qualcomm

View all CVEs affecting Qca6436 Firmware →

Qca6574a Firmware by Qualcomm

View all CVEs affecting Qca6574a Firmware →

Qca6584au Firmware by Qualcomm

View all CVEs affecting Qca6584au Firmware →

Qca6595au Firmware by Qualcomm

View all CVEs affecting Qca6595au Firmware →

Qca6696 Firmware by Qualcomm

View all CVEs affecting Qca6696 Firmware →

Qca6698aq Firmware by Qualcomm

View all CVEs affecting Qca6698aq Firmware →

Qca8081 Firmware by Qualcomm

View all CVEs affecting Qca8081 Firmware →

Qca8337 Firmware by Qualcomm

View all CVEs affecting Qca8337 Firmware →

Qcc710 Firmware by Qualcomm

View all CVEs affecting Qcc710 Firmware →

Qcm4490 Firmware by Qualcomm

View all CVEs affecting Qcm4490 Firmware →

Qcm5430 Firmware by Qualcomm

View all CVEs affecting Qcm5430 Firmware →

Qcm6490 Firmware by Qualcomm

View all CVEs affecting Qcm6490 Firmware →

Qcm8550 Firmware by Qualcomm

View all CVEs affecting Qcm8550 Firmware →

Qcn6024 Firmware by Qualcomm

View all CVEs affecting Qcn6024 Firmware →

Qcn6224 Firmware by Qualcomm

View all CVEs affecting Qcn6224 Firmware →

Qcn6274 Firmware by Qualcomm

View all CVEs affecting Qcn6274 Firmware →

Qcn9024 Firmware by Qualcomm

View all CVEs affecting Qcn9024 Firmware →

Qcs4490 Firmware by Qualcomm

View all CVEs affecting Qcs4490 Firmware →

Qcs5430 Firmware by Qualcomm

View all CVEs affecting Qcs5430 Firmware →

Qcs6490 Firmware by Qualcomm

View all CVEs affecting Qcs6490 Firmware →

Qcs8550 Firmware by Qualcomm

View all CVEs affecting Qcs8550 Firmware →

Qep8111 Firmware by Qualcomm

View all CVEs affecting Qep8111 Firmware →

Qfw7114 Firmware by Qualcomm

View all CVEs affecting Qfw7114 Firmware →

Qfw7124 Firmware by Qualcomm

View all CVEs affecting Qfw7124 Firmware →

Sd855 Firmware by Qualcomm

View all CVEs affecting Sd855 Firmware →

Sd865 5g Firmware by Qualcomm

View all CVEs affecting Sd865 5g Firmware →

Sd888 Firmware by Qualcomm

View all CVEs affecting Sd888 Firmware →

Sdx55 Firmware by Qualcomm

View all CVEs affecting Sdx55 Firmware →

Sdx57m Firmware by Qualcomm

View all CVEs affecting Sdx57m Firmware →

Sg8275p Firmware by Qualcomm

View all CVEs affecting Sg8275p Firmware →

Sm7250p Firmware by Qualcomm

View all CVEs affecting Sm7250p Firmware →

Sm7315 Firmware by Qualcomm

View all CVEs affecting Sm7315 Firmware →

Sm7325p Firmware by Qualcomm

View all CVEs affecting Sm7325p Firmware →

Sm8550p Firmware by Qualcomm

View all CVEs affecting Sm8550p Firmware →

Snapdragon 4 Gen 1 Mobile Firmware by Qualcomm

View all CVEs affecting Snapdragon 4 Gen 1 Mobile Firmware →

Snapdragon 4 Gen 2 Mobile Firmware by Qualcomm

View all CVEs affecting Snapdragon 4 Gen 2 Mobile Firmware →

Snapdragon 480 5g Mobile Firmware by Qualcomm

View all CVEs affecting Snapdragon 480 5g Mobile Firmware →

Snapdragon 480 5g Mobile Firmware by Qualcomm

View all CVEs affecting Snapdragon 480 5g Mobile Firmware →

Snapdragon 690 5g Mobile Firmware by Qualcomm

View all CVEs affecting Snapdragon 690 5g Mobile Firmware →

Snapdragon 695 5g Mobile Firmware by Qualcomm

View all CVEs affecting Snapdragon 695 5g Mobile Firmware →

Snapdragon 750g 5g Mobile Firmware by Qualcomm

View all CVEs affecting Snapdragon 750g 5g Mobile Firmware →

Snapdragon 765 5g Mobile Firmware by Qualcomm

View all CVEs affecting Snapdragon 765 5g Mobile Firmware →

Snapdragon 765g 5g Mobile Firmware by Qualcomm

View all CVEs affecting Snapdragon 765g 5g Mobile Firmware →

Snapdragon 768g 5g Mobile Firmware by Qualcomm

View all CVEs affecting Snapdragon 768g 5g Mobile Firmware →

Snapdragon 778g 5g Mobile Firmware by Qualcomm

View all CVEs affecting Snapdragon 778g 5g Mobile Firmware →

Snapdragon 778g 5g Mobile Firmware by Qualcomm

View all CVEs affecting Snapdragon 778g 5g Mobile Firmware →

Snapdragon 780g 5g Mobile Firmware by Qualcomm

View all CVEs affecting Snapdragon 780g 5g Mobile Firmware →

Snapdragon 782g Mobile Firmware by Qualcomm

View all CVEs affecting Snapdragon 782g Mobile Firmware →

Snapdragon 7c\+ Gen 3 Compute Firmware by Qualcomm

View all CVEs affecting Snapdragon 7c\+ Gen 3 Compute Firmware →

Snapdragon 8 Gen 1 Mobile Firmware by Qualcomm

View all CVEs affecting Snapdragon 8 Gen 1 Mobile Firmware →

Snapdragon 8 Gen 1 Mobile Firmware by Qualcomm

View all CVEs affecting Snapdragon 8 Gen 1 Mobile Firmware →

Snapdragon 8 Gen 2 Mobile Firmware by Qualcomm

View all CVEs affecting Snapdragon 8 Gen 2 Mobile Firmware →

Snapdragon 8 Gen 2 Mobile Firmware by Qualcomm

View all CVEs affecting Snapdragon 8 Gen 2 Mobile Firmware →

Snapdragon 8 Gen 3 Mobile Firmware by Qualcomm

View all CVEs affecting Snapdragon 8 Gen 3 Mobile Firmware →

Snapdragon 855 Mobile Firmware by Qualcomm

View all CVEs affecting Snapdragon 855 Mobile Firmware →

Snapdragon 855 Mobile Firmware by Qualcomm

View all CVEs affecting Snapdragon 855 Mobile Firmware →

Snapdragon 860 Mobile Firmware by Qualcomm

View all CVEs affecting Snapdragon 860 Mobile Firmware →

Snapdragon 865 5g Mobile Firmware by Qualcomm

View all CVEs affecting Snapdragon 865 5g Mobile Firmware →

Snapdragon 865 5g Mobile Firmware by Qualcomm

View all CVEs affecting Snapdragon 865 5g Mobile Firmware →

Snapdragon 870 5g Mobile Firmware by Qualcomm

View all CVEs affecting Snapdragon 870 5g Mobile Firmware →

Snapdragon 888 5g Mobile Firmware by Qualcomm

View all CVEs affecting Snapdragon 888 5g Mobile Firmware →

Snapdragon 888 5g Mobile Firmware by Qualcomm

View all CVEs affecting Snapdragon 888 5g Mobile Firmware →

Snapdragon Auto 5g Modem Rf Firmware by Qualcomm

View all CVEs affecting Snapdragon Auto 5g Modem Rf Firmware →

Snapdragon Auto 5g Modem Rf Gen 2 Firmware by Qualcomm

View all CVEs affecting Snapdragon Auto 5g Modem Rf Gen 2 Firmware →

Snapdragon X35 5g Modem Rf Firmware by Qualcomm

View all CVEs affecting Snapdragon X35 5g Modem Rf Firmware →

Snapdragon X55 5g Modem Rf Firmware by Qualcomm

View all CVEs affecting Snapdragon X55 5g Modem Rf Firmware →

Snapdragon X65 5g Modem Rf Firmware by Qualcomm

View all CVEs affecting Snapdragon X65 5g Modem Rf Firmware →

Snapdragon X70 Modem Rf Firmware by Qualcomm

View all CVEs affecting Snapdragon X70 Modem Rf Firmware →

Snapdragon X75 5g Modem Rf Firmware by Qualcomm

View all CVEs affecting Snapdragon X75 5g Modem Rf Firmware →

Snapdragon Xr2 5g Firmware by Qualcomm

View all CVEs affecting Snapdragon Xr2 5g Firmware →

Sxr2130 Firmware by Qualcomm

View all CVEs affecting Sxr2130 Firmware →

Video Collaboration Vc3 Platform Firmware by Qualcomm

View all CVEs affecting Video Collaboration Vc3 Platform Firmware →

Wcd9340 Firmware by Qualcomm

View all CVEs affecting Wcd9340 Firmware →

Wcd9341 Firmware by Qualcomm

View all CVEs affecting Wcd9341 Firmware →

Wcd9360 Firmware by Qualcomm

View all CVEs affecting Wcd9360 Firmware →

Wcd9370 Firmware by Qualcomm

View all CVEs affecting Wcd9370 Firmware →

Wcd9375 Firmware by Qualcomm

View all CVEs affecting Wcd9375 Firmware →

Wcd9380 Firmware by Qualcomm

View all CVEs affecting Wcd9380 Firmware →

Wcd9385 Firmware by Qualcomm

View all CVEs affecting Wcd9385 Firmware →

Wcd9390 Firmware by Qualcomm

View all CVEs affecting Wcd9390 Firmware →

Wcd9395 Firmware by Qualcomm

View all CVEs affecting Wcd9395 Firmware →

Wcn3950 Firmware by Qualcomm

View all CVEs affecting Wcn3950 Firmware →

Wcn3988 Firmware by Qualcomm

View all CVEs affecting Wcn3988 Firmware →

Wcn6740 Firmware by Qualcomm

View all CVEs affecting Wcn6740 Firmware →

Wsa8810 Firmware by Qualcomm

View all CVEs affecting Wsa8810 Firmware →

Wsa8815 Firmware by Qualcomm

View all CVEs affecting Wsa8815 Firmware →

Wsa8830 Firmware by Qualcomm

View all CVEs affecting Wsa8830 Firmware →

Wsa8832 Firmware by Qualcomm

View all CVEs affecting Wsa8832 Firmware →

Wsa8835 Firmware by Qualcomm

View all CVEs affecting Wsa8835 Firmware →

Wsa8840 Firmware by Qualcomm

View all CVEs affecting Wsa8840 Firmware →

Wsa8845 Firmware by Qualcomm

View all CVEs affecting Wsa8845 Firmware →

Wsa8845h Firmware by Qualcomm

View all CVEs affecting Wsa8845h Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete loss of cellular connectivity on affected devices, requiring device restart to restore service. Could be used in targeted attacks against critical mobile infrastructure or emergency services devices.

🟠

Likely Case

Temporary service disruption on individual devices, causing dropped calls, failed SMS delivery, and interrupted data sessions until the device recovers or is restarted.

🟢

If Mitigated

Minimal impact with proper network filtering and updated firmware; isolated incidents affecting only devices that haven't been patched.

🌐 Internet-Facing: MEDIUM - Attack requires proximity to target device or access to cellular network infrastructure, but SMS can be sent remotely through various services.

🏢 Internal Only: LOW - Primarily affects mobile devices connecting to external cellular networks rather than internal enterprise systems.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Exploitation requires sending specially crafted SMS messages; no authentication needed but requires ability to send SMS to target device.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Refer to Qualcomm April 2024 security bulletin for specific patched firmware versions

Vendor Advisory: https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2024-bulletin.html

Restart Required: Yes

Instructions:

1. Check device manufacturer for security updates. 2. Apply firmware updates from device manufacturer. 3. Restart device after update. 4. Verify patch applied via device settings.

🔧 Temporary Workarounds

SMS Filtering

all

Implement SMS filtering at network level to block messages with non-standard container sizes

Disable SMS Auto-retrieve

android

Configure devices to not automatically retrieve SMS messages

🧯 If You Can't Patch

• Implement network-level SMS filtering to block malicious messages
• Monitor for unusual SMS patterns and cellular service disruptions

🔍 How to Verify

Check if Vulnerable:

Copy

Check device firmware version against Qualcomm's security bulletin; vulnerable if using affected chipset firmware.

Check Version:

Copy

Android: Settings > About Phone > Build Number/Baseband Version

Verify Fix Applied:

Copy

Verify device has received April 2024 or later security updates from manufacturer; check firmware version in device settings.

📡 Detection & Monitoring

Log Indicators:

• Multiple failed SMS processing attempts
• Unexpected modem/radio resets
• DL NAS transport errors

Network Indicators:

• Unusual SMS traffic patterns
• SMS messages with non-standard sizes
• Increased cellular service disruptions

SIEM Query:

Copy

Search for modem/radio reset events or SMS processing failures in device logs

📊 Metadata

CVE ID: CVE-2023-33099

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-20

Published: April 1, 2024

Last Updated: August 11, 2025

🔗 References

• https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2024-bulletin.html Vendor Advisory
• https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2024-bulletin.html Vendor Advisory

📤 Share & Export

Twitter LinkedIn Reddit Copy Link

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-33099, you might also want to check these:

CVE-2022-47190 10.0

CVE-2022-47190 allows remote attackers to upload malicious firmware containing a webshell to Generex...

Same vulnerability type (CWE-20)

CVE-2024-3400 10.0

CVE-2024-3400 is a critical command injection vulnerability in Palo Alto Networks PAN-OS GlobalProte...

Same vulnerability type (CWE-20)

CVE-2023-42802 10.0

This critical vulnerability in GLPI allows attackers to upload malicious PHP files to unauthorized d...

Same vulnerability type (CWE-20)