Date: 2024-01-04
Qualcomm’s latest security bulletin reveals a critical vulnerability in 24 chipsets

Identified as “CVE-2023-33025”, the vulnerability affects 24 chipsets including Snapdragon 680 4G Mobile Platform, Snapdragon 685 4G Mobile Platform (SM6225-AD), and Snapdragon X65 5G Modem-RF System.

Qualcomm
Image Credit: Kārlis Dambrāns

On January 1, Qualcomm released its security bulletin, in which it revealed that it had found a critical security vulnerability that allows bad actors to remotely attack devices during voice calls. The vulnerability, tracked as “CVE-2023-33025”, affects 24 chipsets including Snapdragon 680 4G Mobile Platform, Snapdragon 685 4G Mobile Platform (SM6225-AD), and Snapdragon X65 5G Modem-RF System. Any device with one of the affected chipsets would be susceptible to the vulnerability.

Details of the vulnerability:

The vulnerability in question has been classified as a “Classic Buffer overflow” by Qualcomm. According to SC Magazine, it causes memory corruption in the data modem when a specific kind of data, a non-standard Session Description Protocol (SDP) body, is sent over a VoLTE call. SDP is the protocol that allows devices to communicate with each other during a VoLTE call. In such a situation, a threat actor could exploit the memory corruption and use it for remote code execution, a type of cyber-attack in which an attacker remotely executes commands on someone else’s computing device.

Why it matters:

This vulnerability has been flagged as “critical” by Qualcomm and affects two dozen chipsets present in a wide range of phones that you may currently be using. To put this into perspective, the Snapdragon 680 is present in many smartphones such as Moto G32, Moto G52, and Vivo T1x 4G. Similarly, the Snapdragon 685 is present in Xiaomi Redmi Note 12, Realme C67 4G, and Oppo F24 4G.

Qualcomm informed the affected customers (equipment manufacturers) in July 2023 and said that it is actively sharing patches to tackle the issue. It suggests that one can contact their respective device manufacturers for information on whether the vulnerability has been patched.

Note: This is just one of the 16 vulnerabilities that Qualcomm has listed in its security bulletin; you can learn about the other security issues here.

