CVE-2023-43538

Q: What is the severity of CVE-2023-43538?

CVE-2023-43538 has a CVSS score of 9.3 (CRITICAL). This vulnerability allows memory corruption in Qualcomm's TrustZone Secure OS during Tunnel Invoke Manager initialization. Attackers could potentially execute arbitrary code in the secure execution environment, affecting devices with Qualcomm chipsets including smartphones, IoT devices, and embedded systems.

9.3 CRITICAL

📋 TL;DR

This vulnerability allows memory corruption in Qualcomm's TrustZone Secure OS during Tunnel Invoke Manager initialization. Attackers could potentially execute arbitrary code in the secure execution environment, affecting devices with Qualcomm chipsets including smartphones, IoT devices, and embedded systems.

💻 Affected Systems

Products:

Qualcomm chipsets with TrustZone Secure OS

Versions: Multiple Qualcomm chipset versions prior to June 2024 patches

Operating Systems: Android and other OS using Qualcomm TrustZone

Default Config Vulnerable: ⚠️ Yes

Notes: Affects devices with vulnerable Qualcomm chipsets regardless of OS version if not patched.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of the secure execution environment allowing extraction of cryptographic keys, secure boot bypass, and persistent device compromise.

🟠

Likely Case

Privilege escalation from Android userland to TrustZone, allowing access to protected data and functions.

🟢

If Mitigated

Limited impact if proper security controls prevent initial access to the vulnerable component.

🌐 Internet-Facing: MEDIUM

🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: HIGH

Exploitation requires local access and knowledge of TrustZone internals.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: June 2024 security patches from Qualcomm

Vendor Advisory: https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2024-bulletin.html

Restart Required: Yes

Instructions:

1. Check with device manufacturer for available updates. 2. Apply June 2024 or later security patches. 3. Reboot device after update.

🔧 Temporary Workarounds

No direct workaround

all

This is a firmware-level vulnerability requiring vendor patches

🧯 If You Can't Patch

Isolate affected devices from untrusted networks
Implement strict access controls and monitoring for devices with vulnerable chipsets

🔍 How to Verify

Check if Vulnerable:

Check device security patch level - if before June 2024, likely vulnerable. Check Qualcomm chipset version against advisory.

Check Version:

On Android: Settings > About phone > Android security patch level

Verify Fix Applied:

Verify security patch level is June 2024 or later in device settings.

📡 Detection & Monitoring

Log Indicators:

TrustZone crash logs
Unexpected secure OS behavior

Network Indicators:

Unusual secure communication patterns

SIEM Query:

Search for TrustZone or TZSecure OS crash events in device logs

📊 Metadata

CVE ID: CVE-2023-43538

CVSS v3 Score: 9.3 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CWE: CWE-120

Published: June 3, 2024

Last Updated: January 27, 2025

🔗 References

https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2024-bulletin.html Vendor Advisory
https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2024-bulletin.html Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Aqt1000 Firmware by Qualcomm

Ar8035 Firmware by Qualcomm

Fastconnect 6200 Firmware by Qualcomm

Fastconnect 6800 Firmware by Qualcomm

Fastconnect 6900 Firmware by Qualcomm

Fastconnect 7800 Firmware by Qualcomm

Qam8255p Firmware by Qualcomm

Qam8295p Firmware by Qualcomm

Qam8650p Firmware by Qualcomm

Qam8775p Firmware by Qualcomm

Qca6174a Firmware by Qualcomm

Qca6310 Firmware by Qualcomm

Qca6335 Firmware by Qualcomm

Qca6391 Firmware by Qualcomm

Qca6420 Firmware by Qualcomm

Qca6421 Firmware by Qualcomm

Qca6426 Firmware by Qualcomm

Qca6430 Firmware by Qualcomm

Qca6431 Firmware by Qualcomm

Qca6436 Firmware by Qualcomm

Qca6564a Firmware by Qualcomm

Qca6564au Firmware by Qualcomm

Qca6574 Firmware by Qualcomm

Qca6574a Firmware by Qualcomm

Qca6574au Firmware by Qualcomm

Qca6584au Firmware by Qualcomm

Qca6595 Firmware by Qualcomm

Qca6595au Firmware by Qualcomm

Qca6696 Firmware by Qualcomm

Qca6698aq Firmware by Qualcomm

Qca6797aq Firmware by Qualcomm

Qca8081 Firmware by Qualcomm

Qca8337 Firmware by Qualcomm

Qca9377 Firmware by Qualcomm

Qcc710 Firmware by Qualcomm

Qcm8550 Firmware by Qualcomm

Qcn6224 Firmware by Qualcomm

Qcn6274 Firmware by Qualcomm

Qcs8550 Firmware by Qualcomm

Qdu1000 Firmware by Qualcomm

Qdu1010 Firmware by Qualcomm

Qdu1110 Firmware by Qualcomm

Qdu1210 Firmware by Qualcomm

Qdx1010 Firmware by Qualcomm

Qdx1011 Firmware by Qualcomm

Qfw7114 Firmware by Qualcomm

Qfw7124 Firmware by Qualcomm

Qru1032 Firmware by Qualcomm

Qru1052 Firmware by Qualcomm

Qru1062 Firmware by Qualcomm

Qsm8350 Firmware by Qualcomm

Robotics Rb3 Firmware by Qualcomm

Sa6155 Firmware by Qualcomm

Sa6155p Firmware by Qualcomm

Sa8150p Firmware by Qualcomm

Sa8155 Firmware by Qualcomm

Sa8155p Firmware by Qualcomm

Sa8255p Firmware by Qualcomm

Sa8295p Firmware by Qualcomm

Sa8540p Firmware by Qualcomm

Sa8770p Firmware by Qualcomm

Sa8775p Firmware by Qualcomm

Sa9000p Firmware by Qualcomm

Sc8180x Aaab Firmware by Qualcomm

Sc8180x Acaf Firmware by Qualcomm

Sc8180x Ad Firmware by Qualcomm

Sc8180xp Aaab Firmware by Qualcomm

Sc8180xp Acaf Firmware by Qualcomm

Sc8180xp Ad Firmware by Qualcomm

Sc8280xp Abbb Firmware by Qualcomm

Sc8380xp Firmware by Qualcomm

Sd 675 Firmware by Qualcomm

Sd 8 Gen1 5g Firmware by Qualcomm

Sd 8cx Firmware by Qualcomm

Sd670 Firmware by Qualcomm

Sd675 Firmware by Qualcomm

Sd855 Firmware by Qualcomm