CVE-2023-43514

Q: What is the severity of CVE-2023-43514?

CVE-2023-43514 has a CVSS score of 8.4 (HIGH). This vulnerability allows memory corruption through improper handling of IOCTL calls for internal memory mapping/unmapping operations in Qualcomm components. Attackers could potentially execute arbitrary code or cause denial of service. Affects devices using vulnerable Qualcomm chipsets, primarily mobile devices and IoT products.

8.4 HIGH

📋 TL;DR

This vulnerability allows memory corruption through improper handling of IOCTL calls for internal memory mapping/unmapping operations in Qualcomm components. Attackers could potentially execute arbitrary code or cause denial of service. Affects devices using vulnerable Qualcomm chipsets, primarily mobile devices and IoT products.

💻 Affected Systems

Products:

Qualcomm chipsets with affected drivers

Versions: Specific versions not detailed in bulletin; check Qualcomm advisory for chipset-specific details

Operating Systems: Android, Linux-based systems using Qualcomm drivers

Default Config Vulnerable: ⚠️ Yes

Notes: Affects devices with Qualcomm components that implement the vulnerable IOCTL handlers. Mobile devices, IoT, and embedded systems are primary targets.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full device compromise with kernel-level code execution, allowing complete control over affected device, data theft, and persistence.

🟠

Likely Case

Local privilege escalation from user to kernel space, enabling further system compromise or denial of service crashes.

🟢

If Mitigated

Limited impact with proper kernel hardening, SELinux/AppArmor policies, and restricted device access.

🌐 Internet-Facing: LOW - Requires local access or ability to execute code on device.

🏢 Internal Only: MEDIUM - Could be exploited by malicious apps or users with local access to escalate privileges.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Requires ability to make IOCTL calls to vulnerable driver, typically through local code execution. No public exploit code identified in references.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Refer to Qualcomm January 2024 security bulletin for chipset-specific patches

Vendor Advisory: https://www.qualcomm.com/company/product-security/bulletins/january-2024-bulletin

Restart Required: Yes

Instructions:

1. Check Qualcomm advisory for affected chipset. 2. Obtain firmware/OS update from device manufacturer. 3. Apply update following manufacturer instructions. 4. Reboot device.

🔧 Temporary Workarounds

Restrict IOCTL access

linux

Use SELinux/AppArmor policies to restrict access to vulnerable driver IOCTLs

# Example SELinux policy modification (consult device-specific documentation)

Disable unnecessary drivers

linux

Remove or disable affected Qualcomm driver modules if not required

rmmod [driver_module_name]
# or blacklist in /etc/modprobe.d/

🧯 If You Can't Patch

Implement strict application sandboxing to limit local code execution capabilities
Deploy endpoint detection and response (EDR) to monitor for suspicious IOCTL calls

🔍 How to Verify

Check if Vulnerable:

Check device chipset against Qualcomm advisory and verify driver versions

Check Version:

cat /proc/version or check device settings > about phone

Verify Fix Applied:

Verify firmware/OS version is updated to version containing January 2024 Qualcomm security patches

📡 Detection & Monitoring

Log Indicators:

Kernel logs showing memory corruption errors
Failed IOCTL calls to Qualcomm drivers
Unexpected process accessing driver devices

Network Indicators:

Not network exploitable - local vulnerability only

SIEM Query:

source="kernel" AND ("memory corruption" OR "general protection fault") AND process="[qualcomm_driver]"

📊 Metadata

CVE ID: CVE-2023-43514

CVSS v3 Score: 8.4 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-416

Published: January 2, 2024

Last Updated: August 11, 2025

🔗 References

https://www.qualcomm.com/company/product-security/bulletins/january-2024-bulletin Patch,Vendor Advisory
https://www.qualcomm.com/company/product-security/bulletins/january-2024-bulletin Patch,Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Ar8035 Firmware by Qualcomm

Fastconnect 6200 Firmware by Qualcomm

Fastconnect 6700 Firmware by Qualcomm

Fastconnect 6900 Firmware by Qualcomm

Fastconnect 7800 Firmware by Qualcomm

Flight Rb5 5g Platform Firmware by Qualcomm

Qam8255p Firmware by Qualcomm

Qam8295p Firmware by Qualcomm

Qam8650p Firmware by Qualcomm

Qam8775p Firmware by Qualcomm

Qca6391 Firmware by Qualcomm

Qca6574 Firmware by Qualcomm

Qca6574a Firmware by Qualcomm

Qca6574au Firmware by Qualcomm

Qca6595 Firmware by Qualcomm

Qca6595au Firmware by Qualcomm

Qca6696 Firmware by Qualcomm

Qca6698aq Firmware by Qualcomm

Qca6797aq Firmware by Qualcomm

Qca8081 Firmware by Qualcomm

Qca8337 Firmware by Qualcomm

Qcc710 Firmware by Qualcomm

Qcm4325 Firmware by Qualcomm

Qcm6490 Firmware by Qualcomm

Qcm8550 Firmware by Qualcomm

Qcn6224 Firmware by Qualcomm

Qcn6274 Firmware by Qualcomm

Qcs6490 Firmware by Qualcomm

Qcs7230 Firmware by Qualcomm

Qcs8250 Firmware by Qualcomm

Qcs8550 Firmware by Qualcomm

Qdu1000 Firmware by Qualcomm

Qdu1010 Firmware by Qualcomm

Qdu1110 Firmware by Qualcomm

Qdu1210 Firmware by Qualcomm

Qdx1010 Firmware by Qualcomm

Qdx1011 Firmware by Qualcomm

Qfw7114 Firmware by Qualcomm

Qfw7124 Firmware by Qualcomm

Qrb5165n Firmware by Qualcomm

Qru1032 Firmware by Qualcomm

Qru1052 Firmware by Qualcomm

Qru1062 Firmware by Qualcomm

Robotics Rb5 Platform Firmware by Qualcomm

Sa6155p Firmware by Qualcomm

Sa8155p Firmware by Qualcomm

Sa8195p Firmware by Qualcomm

Sa8255p Firmware by Qualcomm

Sa8295p Firmware by Qualcomm

Sg4150p Firmware by Qualcomm

Sg8275p Firmware by Qualcomm

Sm8550p Firmware by Qualcomm

Snapdragon 4 Gen 1 Mobile Platform Firmware by Qualcomm

Snapdragon 480 5g Mobile Platform Firmware by Qualcomm

Snapdragon 480 5g Mobile Platform Firmware by Qualcomm

Snapdragon 680 4g Mobile Platform Firmware by Qualcomm

Snapdragon 685 4g Mobile Platform Firmware by Qualcomm

Snapdragon 695 5g Mobile Platform Firmware by Qualcomm

Snapdragon 8 Gen 2 Mobile Platform Firmware by Qualcomm

Snapdragon 8 Gen 2 Mobile Platform Firmware by Qualcomm

Snapdragon W5\+ Gen 1 Wearable Platform Firmware by Qualcomm

Snapdragon X75 5g Modem Rf System Firmware by Qualcomm

Sw5100 Firmware by Qualcomm

Sw5100p Firmware by Qualcomm

Video Collaboration Vc3 Platform Firmware by Qualcomm

Video Collaboration Vc5 Platform Firmware by Qualcomm

Wcd9340 Firmware by Qualcomm

Wcd9370 Firmware by Qualcomm

Wcd9375 Firmware by Qualcomm

Wcd9380 Firmware by Qualcomm

Wcd9385 Firmware by Qualcomm

Wcd9390 Firmware by Qualcomm

Wcd9395 Firmware by Qualcomm

Wcn3950 Firmware by Qualcomm

Wcn3980 Firmware by Qualcomm

Wcn3988 Firmware by Qualcomm

Wsa8810 Firmware by Qualcomm