CVE-2023-43513

Q: What is the severity of CVE-2023-43513?

CVE-2023-43513 has a CVSS score of 7.8 (HIGH). This vulnerability allows memory corruption in Qualcomm hardware components when processing event rings, where an untrusted context read pointer can be manipulated to point to arbitrary memory locations. Attackers could potentially execute arbitrary code or cause denial of service. Affects devices with vulnerable Qualcomm chipsets.

7.8 HIGH

📋 TL;DR

This vulnerability allows memory corruption in Qualcomm hardware components when processing event rings, where an untrusted context read pointer can be manipulated to point to arbitrary memory locations. Attackers could potentially execute arbitrary code or cause denial of service. Affects devices with vulnerable Qualcomm chipsets.

💻 Affected Systems

Products:

Qualcomm chipsets with vulnerable components

Versions: Specific chipset versions not detailed in public advisory

Operating Systems: Android and other OS using Qualcomm hardware

Default Config Vulnerable: ⚠️ Yes

Notes: Affects hardware/firmware level components, not specific software versions

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete system compromise, data theft, or persistent backdoor installation

🟠

Likely Case

System crash or denial of service, potentially requiring hardware reset

🟢

If Mitigated

Limited impact with proper memory protections and exploit mitigations in place

🌐 Internet-Facing: MEDIUM - Requires specific conditions but could be exploited remotely in certain configurations

🏢 Internal Only: MEDIUM - Could be exploited through malicious apps or local network access

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: HIGH

Exploitation requires deep hardware knowledge and specific conditions

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Refer to device manufacturer updates

Vendor Advisory: https://www.qualcomm.com/company/product-security/bulletins/february-2024-bulletin

Restart Required: Yes

Instructions:

1. Check with device manufacturer for firmware updates 2. Apply manufacturer-provided patches 3. Reboot device after update

🔧 Temporary Workarounds

No direct workarounds

all

This is a hardware/firmware level vulnerability requiring vendor patches

🧯 If You Can't Patch

Isolate affected devices from untrusted networks
Implement strict application control to prevent malicious apps

🔍 How to Verify

Check if Vulnerable:

Check device chipset version and compare with manufacturer security bulletins

Check Version:

Device-specific commands vary by manufacturer (e.g., Android: Settings > About Phone)

Verify Fix Applied:

Verify firmware version matches patched version from manufacturer

📡 Detection & Monitoring

Log Indicators:

System crashes, kernel panics, unexpected reboots

Network Indicators:

Unusual outbound connections from system processes

SIEM Query:

EventID=41 OR 'kernel panic' OR 'system crash' on affected devices

📊 Metadata

CVE ID: CVE-2023-43513

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-823

Published: February 6, 2024

Last Updated: August 11, 2025

🔗 References

https://www.qualcomm.com/company/product-security/bulletins/february-2024-bulletin Vendor Advisory
https://www.qualcomm.com/company/product-security/bulletins/february-2024-bulletin Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

315 5g Iot Modem Firmware by Qualcomm

Apq8017 Firmware by Qualcomm

Aqt1000 Firmware by Qualcomm

Ar8031 Firmware by Qualcomm

Ar8035 Firmware by Qualcomm

C V2x 9150 Firmware by Qualcomm

Csra6620 Firmware by Qualcomm

Csra6640 Firmware by Qualcomm

Csrb31024 Firmware by Qualcomm

Fastconnect 6200 Firmware by Qualcomm

Fastconnect 6700 Firmware by Qualcomm

Fastconnect 6800 Firmware by Qualcomm

Fastconnect 6900 Firmware by Qualcomm

Fastconnect 7800 Firmware by Qualcomm

Flight Rb5 5g Platform Firmware by Qualcomm

Fsm20055 Firmware by Qualcomm

Fsm20056 Firmware by Qualcomm

Immersive Home 214 Platform Firmware by Qualcomm

Immersive Home 216 Platform Firmware by Qualcomm

Immersive Home 316 Platform Firmware by Qualcomm

Immersive Home 318 Platform Firmware by Qualcomm

Immersive Home 3210 Platform Firmware by Qualcomm

Immersive Home 326 Platform Firmware by Qualcomm

Ipq5010 Firmware by Qualcomm

Ipq6018 Firmware by Qualcomm

Ipq8074a Firmware by Qualcomm

Ipq8174 Firmware by Qualcomm

Ipq9574 Firmware by Qualcomm

Mdm9628 Firmware by Qualcomm

Qam8255p Firmware by Qualcomm

Qam8295p Firmware by Qualcomm

Qam8650p Firmware by Qualcomm

Qam8775p Firmware by Qualcomm

Qamsrv1h Firmware by Qualcomm

Qamsrv1m Firmware by Qualcomm

Qca4024 Firmware by Qualcomm

Qca6174a Firmware by Qualcomm

Qca6310 Firmware by Qualcomm

Qca6335 Firmware by Qualcomm

Qca6391 Firmware by Qualcomm

Qca6420 Firmware by Qualcomm

Qca6421 Firmware by Qualcomm

Qca6426 Firmware by Qualcomm

Qca6430 Firmware by Qualcomm

Qca6431 Firmware by Qualcomm

Qca6436 Firmware by Qualcomm

Qca6564a Firmware by Qualcomm

Qca6564au Firmware by Qualcomm

Qca6574 Firmware by Qualcomm

Qca6574a Firmware by Qualcomm

Qca6574au Firmware by Qualcomm

Qca6584au Firmware by Qualcomm

Qca6595 Firmware by Qualcomm

Qca6595au Firmware by Qualcomm

Qca6688aq Firmware by Qualcomm

Qca6696 Firmware by Qualcomm

Qca6698aq Firmware by Qualcomm

Qca6797aq Firmware by Qualcomm

Qca8072 Firmware by Qualcomm

Qca8075 Firmware by Qualcomm

Qca8081 Firmware by Qualcomm

Qca8337 Firmware by Qualcomm

Qca9377 Firmware by Qualcomm

Qcc710 Firmware by Qualcomm

Qcm2290 Firmware by Qualcomm

Qcm4290 Firmware by Qualcomm

Qcm4325 Firmware by Qualcomm

Qcm4490 Firmware by Qualcomm

Qcm6125 Firmware by Qualcomm

Qcm6490 Firmware by Qualcomm

Qcm8550 Firmware by Qualcomm

Qcn5022 Firmware by Qualcomm

Qcn5024 Firmware by Qualcomm

Qcn5052 Firmware by Qualcomm

Qcn5054 Firmware by Qualcomm

Qcn5122 Firmware by Qualcomm

Qcn5152 Firmware by Qualcomm