CVE-2023-43522

Q: What is the severity of CVE-2023-43522?

CVE-2023-43522 has a CVSS score of 7.5 (HIGH). This vulnerability in Qualcomm chipsets allows a denial-of-service attack when processing empty or NULL encrypted keys during key unwrapping. It affects devices using vulnerable Qualcomm components, potentially causing system crashes or instability.

7.5 HIGH

Denial of Service

📋 TL;DR

This vulnerability in Qualcomm chipsets allows a denial-of-service attack when processing empty or NULL encrypted keys during key unwrapping. It affects devices using vulnerable Qualcomm components, potentially causing system crashes or instability.

💻 Affected Systems

Products:

Qualcomm chipsets and associated software components

Versions: Specific versions not detailed in reference; check Qualcomm advisory for exact affected versions.

Operating Systems: Android, Linux-based systems using Qualcomm components

Default Config Vulnerable: ⚠️ Yes

Notes: Affects systems using Qualcomm's cryptographic key unwrapping functionality. Exact product list requires checking Qualcomm's detailed advisory.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

System crash leading to complete denial of service, requiring reboot and potential data loss in affected processes.

🟠

Likely Case

Application or service crash causing temporary disruption until system recovers or restarts.

🟢

If Mitigated

Minimal impact with proper input validation and error handling in place.

🌐 Internet-Facing: MEDIUM - Could be exploited remotely if vulnerable service is exposed, but requires specific conditions.

🏢 Internal Only: MEDIUM - Internal attackers could trigger the condition if they have access to vulnerable systems.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires ability to trigger key unwrapping with empty/NULL encrypted key, which may require specific access or conditions.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Qualcomm February 2024 security bulletin for specific patched versions

Vendor Advisory: https://www.qualcomm.com/company/product-security/bulletins/february-2024-bulletin

Restart Required: Yes

Instructions:

1. Check Qualcomm advisory for affected components. 2. Obtain updated firmware/software from device manufacturer. 3. Apply patches following manufacturer instructions. 4. Reboot affected systems.

🔧 Temporary Workarounds

Input validation enhancement

all

Add validation to reject empty or NULL encrypted keys before unwrapping process

Implementation specific to application code; no universal command

🧯 If You Can't Patch

Implement application-level validation to reject empty/NULL keys before cryptographic processing
Restrict access to vulnerable services to trusted users/systems only

🔍 How to Verify

Check if Vulnerable:

Check device firmware/software version against Qualcomm's affected versions list in advisory

Check Version:

Device/system specific; typically 'cat /proc/version' or manufacturer-specific commands

Verify Fix Applied:

Verify updated version matches patched versions from Qualcomm advisory

📡 Detection & Monitoring

Log Indicators:

Unexpected process crashes during cryptographic operations
Error logs related to key unwrapping failures

Network Indicators:

Unusual patterns of failed cryptographic operations if network-exposed

SIEM Query:

Search for process crashes or errors containing 'key unwrap', 'crypto', or related terms in system logs

📊 Metadata

CVE ID: CVE-2023-43522

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-476

Published: February 6, 2024

Last Updated: August 11, 2025

🔗 References

https://www.qualcomm.com/company/product-security/bulletins/february-2024-bulletin Vendor Advisory
https://www.qualcomm.com/company/product-security/bulletins/february-2024-bulletin Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Aqt1000 Firmware by Qualcomm

Ar8035 Firmware by Qualcomm

Ar9380 Firmware by Qualcomm

Csr8811 Firmware by Qualcomm

Csra6620 Firmware by Qualcomm

Csra6640 Firmware by Qualcomm

Csrb31024 Firmware by Qualcomm

Fastconnect 6200 Firmware by Qualcomm

Fastconnect 6700 Firmware by Qualcomm

Fastconnect 6800 Firmware by Qualcomm

Fastconnect 6900 Firmware by Qualcomm

Fastconnect 7800 Firmware by Qualcomm

Flight Rb5 5g Platform Firmware by Qualcomm

Immersive Home 214 Platform Firmware by Qualcomm

Immersive Home 216 Platform Firmware by Qualcomm

Immersive Home 316 Platform Firmware by Qualcomm

Immersive Home 318 Platform Firmware by Qualcomm

Immersive Home 3210 Platform Firmware by Qualcomm

Immersive Home 326 Platform Firmware by Qualcomm

Ipq5010 Firmware by Qualcomm

Ipq5028 Firmware by Qualcomm

Ipq5302 Firmware by Qualcomm

Ipq5312 Firmware by Qualcomm

Ipq5332 Firmware by Qualcomm

Ipq6000 Firmware by Qualcomm

Ipq6010 Firmware by Qualcomm

Ipq6018 Firmware by Qualcomm

Ipq6028 Firmware by Qualcomm

Ipq8064 Firmware by Qualcomm

Ipq8065 Firmware by Qualcomm

Ipq8068 Firmware by Qualcomm

Ipq8070a Firmware by Qualcomm

Ipq8071a Firmware by Qualcomm

Ipq8072a Firmware by Qualcomm

Ipq8074a Firmware by Qualcomm

Ipq8076 Firmware by Qualcomm

Ipq8076a Firmware by Qualcomm

Ipq8078 Firmware by Qualcomm

Ipq8078a Firmware by Qualcomm

Ipq8173 Firmware by Qualcomm

Ipq8174 Firmware by Qualcomm

Ipq9554 Firmware by Qualcomm

Ipq9570 Firmware by Qualcomm

Ipq9574 Firmware by Qualcomm

Pmp8074 Firmware by Qualcomm

Qam8255p Firmware by Qualcomm

Qam8295p Firmware by Qualcomm

Qam8650p Firmware by Qualcomm

Qam8775p Firmware by Qualcomm

Qamsrv1h Firmware by Qualcomm

Qamsrv1m Firmware by Qualcomm

Qca0000 Firmware by Qualcomm

Qca1062 Firmware by Qualcomm

Qca1064 Firmware by Qualcomm

Qca2062 Firmware by Qualcomm

Qca2064 Firmware by Qualcomm

Qca2065 Firmware by Qualcomm

Qca2066 Firmware by Qualcomm

Qca4024 Firmware by Qualcomm

Qca6174a Firmware by Qualcomm

Qca6391 Firmware by Qualcomm

Qca6420 Firmware by Qualcomm

Qca6421 Firmware by Qualcomm

Qca6426 Firmware by Qualcomm

Qca6430 Firmware by Qualcomm

Qca6431 Firmware by Qualcomm

Qca6436 Firmware by Qualcomm

Qca6554a Firmware by Qualcomm

Qca6564au Firmware by Qualcomm

Qca6574 Firmware by Qualcomm

Qca6574a Firmware by Qualcomm

Qca6574au Firmware by Qualcomm

Qca6584au Firmware by Qualcomm

Qca6595 Firmware by Qualcomm

Qca6595au Firmware by Qualcomm

Qca6678aq Firmware by Qualcomm

Qca6688aq Firmware by Qualcomm