CVE-2023-43525

Q: What is the severity of CVE-2023-43525?

CVE-2023-43525 has a CVSS score of 6.7 (MEDIUM). CVE-2023-43525 is a buffer overflow vulnerability in Qualcomm audio drivers that allows memory corruption when copying sound model data from user to kernel space. This could enable local privilege escalation or denial of service attacks. Affected systems include devices with vulnerable Qualcomm chipsets, primarily Android smartphones and IoT devices.

6.7 MEDIUM

Buffer Overflow

📋 TL;DR

CVE-2023-43525 is a buffer overflow vulnerability in Qualcomm audio drivers that allows memory corruption when copying sound model data from user to kernel space. This could enable local privilege escalation or denial of service attacks. Affected systems include devices with vulnerable Qualcomm chipsets, primarily Android smartphones and IoT devices.

💻 Affected Systems

Products:

Qualcomm audio subsystem components
Android devices with Qualcomm chipsets
IoT devices using Qualcomm audio processors

Versions: Specific chipset firmware versions prior to May 2024 patches

Operating Systems: Android, Linux-based systems with Qualcomm drivers

Default Config Vulnerable: ⚠️ Yes

Notes: Requires audio subsystem access; typically exploitable by apps with audio permissions. Exact affected chipsets listed in Qualcomm advisory.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Local privilege escalation to kernel-level access, allowing complete device compromise, data theft, or persistent malware installation.

🟠

Likely Case

Local denial of service (device crash/reboot) or limited privilege escalation to gain elevated permissions on the device.

🟢

If Mitigated

No impact if patched or if SELinux/app sandboxing prevents exploitation beyond the compromised app's context.

🌐 Internet-Facing: LOW - Requires local access; not directly exploitable over network.

🏢 Internal Only: MEDIUM - Local attackers or malicious apps could exploit this on compromised devices within the network.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Requires local access and ability to interact with audio subsystem. Likely requires app installation or physical access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Qualcomm security bulletin May 2024 patches

Vendor Advisory: https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2024-bulletin.html

Restart Required: Yes

Instructions:

1. Check device manufacturer for security updates. 2. Apply May 2024 or later Android security patches. 3. For custom systems, update Qualcomm audio driver from vendor. 4. Reboot device after update.

🔧 Temporary Workarounds

Restrict audio permissions

android

Limit which apps can access audio subsystem to reduce attack surface

adb shell pm revoke <package> android.permission.RECORD_AUDIO
adb shell pm revoke <package> android.permission.MODIFY_AUDIO_SETTINGS

Disable unnecessary audio features

linux

Turn off sound model registration features if not needed

echo 0 > /sys/module/sound_model/parameters/enable_registration

🧯 If You Can't Patch

Implement strict app vetting and only install trusted applications
Use mobile device management (MDM) to restrict app installations and monitor for suspicious behavior

🔍 How to Verify

Check if Vulnerable:

Check Android security patch level: Settings > About phone > Android version > Security patch level. If before May 2024, likely vulnerable.

Check Version:

adb shell getprop ro.build.version.security_patch

Verify Fix Applied:

Verify security patch level is May 2024 or later. Check Qualcomm driver version matches patched versions in advisory.

📡 Detection & Monitoring

Log Indicators:

Kernel panic logs
Audio subsystem crash messages in dmesg
SELinux denials for audio operations

Network Indicators:

None - local exploitation only

SIEM Query:

source="android" AND (event="kernel_panic" OR message="*audio*crash*")

📊 Metadata

CVE ID: CVE-2023-43525

CVSS v3 Score: 6.7 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-120

Published: May 6, 2024

Last Updated: January 15, 2025

🔗 References

https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2024-bulletin.html Patch,Vendor Advisory
https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2024-bulletin.html Patch,Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Ar8035 Firmware by Qualcomm

Fastconnect 7800 Firmware by Qualcomm

Qam8255p Firmware by Qualcomm

Qam8295p Firmware by Qualcomm

Qam8650p Firmware by Qualcomm

Qam8775p Firmware by Qualcomm

Qamsrv1h Firmware by Qualcomm

Qamsrv1m Firmware by Qualcomm

Qca6574au Firmware by Qualcomm

Qca6584au Firmware by Qualcomm

Qca6696 Firmware by Qualcomm

Qca6698aq Firmware by Qualcomm

Qca8081 Firmware by Qualcomm

Qca8337 Firmware by Qualcomm

Qcc710 Firmware by Qualcomm

Qcn6224 Firmware by Qualcomm

Qcn6274 Firmware by Qualcomm

Qfw7114 Firmware by Qualcomm

Qfw7124 Firmware by Qualcomm

Sa6145p Firmware by Qualcomm

Sa6150p Firmware by Qualcomm

Sa6155p Firmware by Qualcomm

Sa7255p Firmware by Qualcomm

Sa8145p Firmware by Qualcomm

Sa8150p Firmware by Qualcomm

Sa8155p Firmware by Qualcomm

Sa8195p Firmware by Qualcomm

Sa8255p Firmware by Qualcomm

Sa8295p Firmware by Qualcomm

Sa8620p Firmware by Qualcomm

Sa8650p Firmware by Qualcomm

Sa8770p Firmware by Qualcomm

Sa8775p Firmware by Qualcomm

Sa9000p Firmware by Qualcomm

Snapdragon Auto 5g Modem Rf Gen 2 Firmware by Qualcomm

Snapdragon X72 5g Modem Rf Firmware by Qualcomm

Snapdragon X75 5g Modem Rf Firmware by Qualcomm

Srv1h Firmware by Qualcomm

Srv1m Firmware by Qualcomm

Wcd9340 Firmware by Qualcomm