CVE-2023-33115

Q: What is the severity of CVE-2023-33115?

CVE-2023-33115 has a CVSS score of 7.8 (HIGH). This CVE describes a memory corruption vulnerability in Qualcomm's trusted execution environment when processing buffer initialization for certain report types. Attackers could potentially execute arbitrary code or cause denial of service. This affects devices using Qualcomm chipsets with vulnerable firmware.

7.8 HIGH

📋 TL;DR

This CVE describes a memory corruption vulnerability in Qualcomm's trusted execution environment when processing buffer initialization for certain report types. Attackers could potentially execute arbitrary code or cause denial of service. This affects devices using Qualcomm chipsets with vulnerable firmware.

💻 Affected Systems

Products:

Qualcomm chipsets with trusted execution environment

Versions: Specific firmware versions not detailed in public bulletin

Operating Systems: Android, Linux-based systems using Qualcomm chips

Default Config Vulnerable: ⚠️ Yes

Notes: Affects devices with Qualcomm chipsets that have vulnerable firmware. Exact product list requires checking Qualcomm's security bulletin.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution with kernel privileges leading to complete device compromise, data theft, and persistent backdoor installation.

🟠

Likely Case

Local privilege escalation allowing attackers to gain elevated privileges on affected devices.

🟢

If Mitigated

Denial of service or application crashes if memory corruption cannot be leveraged for code execution.

🌐 Internet-Facing: MEDIUM - Requires local access or ability to execute code on device, but could be chained with other vulnerabilities.

🏢 Internal Only: HIGH - Local attackers or malicious apps could exploit this for privilege escalation on compromised devices.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Requires local access or ability to execute code on device. Memory corruption vulnerabilities often require specific conditions to exploit reliably.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Refer to Qualcomm's April 2024 security bulletin for specific patched versions

Vendor Advisory: https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2024-bulletin.html

Restart Required: Yes

Instructions:

1. Check Qualcomm's security bulletin for your specific chipset. 2. Obtain firmware update from device manufacturer. 3. Apply firmware update following manufacturer instructions. 4. Reboot device to complete installation.

🔧 Temporary Workarounds

Restrict local code execution

all

Limit ability for untrusted applications to execute code on affected devices

🧯 If You Can't Patch

Isolate affected devices from critical networks and sensitive data
Implement strict application allowlisting to prevent untrusted code execution

🔍 How to Verify

Check if Vulnerable:

Check device firmware version against Qualcomm's security bulletin for affected chipsets

Check Version:

Device-specific commands vary by manufacturer. Typically: 'getprop ro.build.fingerprint' or checking firmware version in device settings.

Verify Fix Applied:

Verify firmware version has been updated to patched version specified in Qualcomm bulletin

📡 Detection & Monitoring

Log Indicators:

Unexpected process crashes in trusted execution environment
Memory access violations in system logs
Abnormal trusted report generation attempts

Network Indicators:

Unusual local process communication patterns

SIEM Query:

Process: (name contains "trusted" OR name contains "tee") AND (event_type="crash" OR event_type="access_violation")

📊 Metadata

CVE ID: CVE-2023-33115

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-126

Published: April 1, 2024

Last Updated: August 11, 2025

🔗 References

https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2024-bulletin.html Vendor Advisory
https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2024-bulletin.html Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Aqt1000 Firmware by Qualcomm

Ar8035 Firmware by Qualcomm

Fastconnect 6200 Firmware by Qualcomm

Fastconnect 6700 Firmware by Qualcomm

Fastconnect 6800 Firmware by Qualcomm

Fastconnect 6900 Firmware by Qualcomm

Fastconnect 7800 Firmware by Qualcomm

Flight Rb5 5g Firmware by Qualcomm

Qam8255p Firmware by Qualcomm

Qam8295p Firmware by Qualcomm

Qam8650p Firmware by Qualcomm

Qam8775p Firmware by Qualcomm

Qamsrv1h Firmware by Qualcomm

Qamsrv1m Firmware by Qualcomm

Qca6174a Firmware by Qualcomm

Qca6310 Firmware by Qualcomm

Qca6335 Firmware by Qualcomm

Qca6391 Firmware by Qualcomm

Qca6420 Firmware by Qualcomm

Qca6421 Firmware by Qualcomm

Qca6426 Firmware by Qualcomm

Qca6430 Firmware by Qualcomm

Qca6431 Firmware by Qualcomm

Qca6436 Firmware by Qualcomm

Qca6564a Firmware by Qualcomm

Qca6564au Firmware by Qualcomm

Qca6574 Firmware by Qualcomm

Qca6574a Firmware by Qualcomm

Qca6574au Firmware by Qualcomm

Qca6584au Firmware by Qualcomm

Qca6595 Firmware by Qualcomm

Qca6595au Firmware by Qualcomm

Qca6678aq Firmware by Qualcomm

Qca6696 Firmware by Qualcomm

Qca6698aq Firmware by Qualcomm

Qca6797aq Firmware by Qualcomm

Qca8081 Firmware by Qualcomm

Qca8337 Firmware by Qualcomm

Qca9377 Firmware by Qualcomm

Qcc710 Firmware by Qualcomm

Qcm5430 Firmware by Qualcomm

Qcm6490 Firmware by Qualcomm

Qcn6224 Firmware by Qualcomm

Qcn6274 Firmware by Qualcomm

Qcn9011 Firmware by Qualcomm

Qcn9012 Firmware by Qualcomm

Qcs5430 Firmware by Qualcomm

Qcs6490 Firmware by Qualcomm

Qcs7230 Firmware by Qualcomm

Qcs8250 Firmware by Qualcomm

Qdu1000 Firmware by Qualcomm

Qdu1010 Firmware by Qualcomm

Qdu1110 Firmware by Qualcomm

Qdu1210 Firmware by Qualcomm

Qdx1010 Firmware by Qualcomm

Qdx1011 Firmware by Qualcomm

Qep8111 Firmware by Qualcomm

Qfw7114 Firmware by Qualcomm

Qfw7124 Firmware by Qualcomm

Qrb5165m Firmware by Qualcomm

Qrb5165n Firmware by Qualcomm

Qru1032 Firmware by Qualcomm

Qru1052 Firmware by Qualcomm

Qru1062 Firmware by Qualcomm

Qsm8350 Firmware by Qualcomm

Robotics Rb3 Firmware by Qualcomm

Robotics Rb5 Firmware by Qualcomm

Sa6145p Firmware by Qualcomm

Sa6155 Firmware by Qualcomm

Sa6155p Firmware by Qualcomm

Sa7255p Firmware by Qualcomm

Sa8150p Firmware by Qualcomm

Sa8155 Firmware by Qualcomm

Sa8155p Firmware by Qualcomm

Sa8255p Firmware by Qualcomm

Sa8295p Firmware by Qualcomm

Sa8540p Firmware by Qualcomm