CVE DATABASE / CVE-2023-33063
CVE-2023-33063
Qualcomm Multiple Chipsets Use-After-Free Vulnerability
CVSS 7.8 · HIGH
⚠ CISA KEV — ACTIVELY EXPLOITED
On the CISA KEV catalog
Confirmed exploited in the wild. Added 2023-12-05.
Federal remediation due 2023-12-26.
Required action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Summary
Memory corruption in DSP Services during a remote call from HLOS to DSP.
CVSS 3.1 breakdown
| Base score | 7.8 (HIGH) |
| Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| Attack vector | LOCAL |
| Attack complexity | LOW |
| Privileges required | LOW |
| User interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality | HIGH |
| Integrity | HIGH |
| Availability | HIGH |
Weakness type (CWE)
Affected products
Qualcomm 315 5g iot modem firmwareQualcomm 315 5g iot modemQualcomm apq8017 firmwareQualcomm apq8017Qualcomm aqt1000 firmwareQualcomm aqt1000Qualcomm ar8031 firmwareQualcomm ar8031Qualcomm ar8035 firmwareQualcomm ar8035Qualcomm ar9380 firmwareQualcomm ar9380Qualcomm c-v2x 9150 firmwareQualcomm c-v2x 9150Qualcomm csr8811 firmwareQualcomm csr8811Qualcomm csra6620 firmwareQualcomm csra6620Qualcomm csra6640 firmwareQualcomm csra6640
Check this CVE live
Use our free CVE Lookup tool for the latest NVD record, or browse the full CISA KEV catalog.
References
- https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-33063
Data: NIST NVD + CISA KEV. NVD last modified 2025-10-27. Always verify against the vendor advisory before acting.