CVE-2023-43527

Q: What is the severity of CVE-2023-43527?

CVE-2023-43527 has a CVSS score of 6.8 (MEDIUM). This vulnerability allows attackers to access sensitive information from memory when parsing dts header atoms in video files. It affects devices using Qualcomm chipsets with vulnerable multimedia processing components. The information disclosure could potentially reveal system memory contents.

6.8 MEDIUM

📋 TL;DR

This vulnerability allows attackers to access sensitive information from memory when parsing dts header atoms in video files. It affects devices using Qualcomm chipsets with vulnerable multimedia processing components. The information disclosure could potentially reveal system memory contents.

💻 Affected Systems

Products:

Qualcomm chipsets with multimedia processing capabilities

Versions: Specific versions not detailed in provided references; check Qualcomm May 2024 bulletin for exact affected versions

Operating Systems: Android and other OS using Qualcomm chipsets

Default Config Vulnerable: ⚠️ Yes

Notes: Affects devices using Qualcomm's multimedia processing stack; exact device models depend on chipset implementation

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could extract sensitive data from device memory including authentication tokens, encryption keys, or other application data, potentially leading to further system compromise.

🟠

Likely Case

Information disclosure of limited memory contents, possibly revealing some system information or application data but not full system control.

🟢

If Mitigated

Limited impact with proper memory isolation and sandboxing, potentially only exposing non-sensitive data from the multimedia processing context.

🌐 Internet-Facing: MEDIUM

🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Requires processing of specially crafted video files; exploitation depends on multimedia application behavior

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Qualcomm May 2024 security bulletin for specific patched versions

Vendor Advisory: https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2024-bulletin.html

Restart Required: Yes

Instructions:

1. Check Qualcomm advisory for affected chipset versions 2. Obtain firmware/OS updates from device manufacturer 3. Apply updates following manufacturer instructions 4. Reboot device after update

🔧 Temporary Workarounds

Restrict video file sources

all

Limit video processing to trusted sources only

Disable automatic video processing

all

Prevent automatic parsing of video files in vulnerable applications

🧯 If You Can't Patch

Isolate multimedia processing to dedicated, restricted environments
Implement network segmentation to limit potential data exfiltration

🔍 How to Verify

Check if Vulnerable:

Check device chipset version and compare against Qualcomm's May 2024 security bulletin

Check Version:

Device-specific commands vary; on Android: 'getprop ro.bootloader' or check Settings > About Phone

Verify Fix Applied:

Verify firmware/OS version is updated to patched version specified in Qualcomm advisory

📡 Detection & Monitoring

Log Indicators:

Unusual multimedia processing errors
Memory access violations in media services

Network Indicators:

Unexpected outbound data transfers following video file processing

SIEM Query:

Search for media service crashes or memory access errors in system logs

📊 Metadata

CVE ID: CVE-2023-43527

CVSS v3 Score: 6.8 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L

CWE: CWE-126

Published: May 6, 2024

Last Updated: August 11, 2025

🔗 References

https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2024-bulletin.html Vendor Advisory
https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2024-bulletin.html Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Fastconnect 6800 Firmware by Qualcomm

Fastconnect 6900 Firmware by Qualcomm

Fastconnect 7800 Firmware by Qualcomm

Qam8295p Firmware by Qualcomm

Qca6391 Firmware by Qualcomm

Qca6426 Firmware by Qualcomm

Qca6436 Firmware by Qualcomm

Qca6574au Firmware by Qualcomm

Qca6696 Firmware by Qualcomm

Qcn9074 Firmware by Qualcomm

Qcs410 Firmware by Qualcomm

Qcs610 Firmware by Qualcomm

Sa6145p Firmware by Qualcomm

Sa6150p Firmware by Qualcomm

Sa6155p Firmware by Qualcomm

Sa8145p Firmware by Qualcomm

Sa8150p Firmware by Qualcomm

Sa8155p Firmware by Qualcomm

Sa8195p Firmware by Qualcomm

Sa8295p Firmware by Qualcomm

Sd660 Firmware by Qualcomm

Sd865 5g Firmware by Qualcomm

Sdm429w Firmware by Qualcomm

Snapdragon 429 Mobile Firmware by Qualcomm

Snapdragon 660 Mobile Firmware by Qualcomm

Snapdragon 8 Gen 1 Mobile Firmware by Qualcomm

Snapdragon 865 5g Mobile Firmware by Qualcomm

Snapdragon 865 5g Mobile Firmware by Qualcomm

Snapdragon 870 5g Mobile Firmware by Qualcomm

Snapdragon W5\+ Gen 1 Wearable Firmware by Qualcomm

Snapdragon Wear 4100\+ Firmware by Qualcomm

Snapdragon X55 5g Modem Rf Firmware by Qualcomm

Snapdragon Xr2 5g Firmware by Qualcomm

Sw5100 Firmware by Qualcomm

Sw5100p Firmware by Qualcomm

Sxr2130 Firmware by Qualcomm

Video Collaboration Vc1 Platform Firmware by Qualcomm

Video Collaboration Vc3 Platform Firmware by Qualcomm

Wcd9335 Firmware by Qualcomm

Wcd9341 Firmware by Qualcomm

Wcd9370 Firmware by Qualcomm

Wcd9380 Firmware by Qualcomm

Wcn3610 Firmware by Qualcomm

Wcn3620 Firmware by Qualcomm

Wcn3660b Firmware by Qualcomm

Wcn3680b Firmware by Qualcomm

Wcn3950 Firmware by Qualcomm

Wcn3980 Firmware by Qualcomm

Wcn3988 Firmware by Qualcomm

Wcn3990 Firmware by Qualcomm

Wsa8810 Firmware by Qualcomm

Wsa8815 Firmware by Qualcomm

Wsa8830 Firmware by Qualcomm

Wsa8835 Firmware by Qualcomm