CVE-2023-33108

Summary

Memory corruption in Graphics Driver when destroying a context with KGSL_GPU_AUX_COMMAND_TIMELINE objects queued.

Affected Software

VendorProductVersion RangeStatus
Qualcomm, Inc.SnapdragonQAM8255Paffected
Qualcomm, Inc.SnapdragonQAM8295Paffected
Qualcomm, Inc.SnapdragonQAM8650Paffected
Qualcomm, Inc.SnapdragonQAM8775Paffected
Qualcomm, Inc.SnapdragonQCA6391affected
Qualcomm, Inc.SnapdragonQCA6574affected
Qualcomm, Inc.SnapdragonQCA6574Aaffected
Qualcomm, Inc.SnapdragonQCA6574AUaffected
Qualcomm, Inc.SnapdragonQCA6595affected
Qualcomm, Inc.SnapdragonQCA6595AUaffected
Qualcomm, Inc.SnapdragonQCA6696affected
Qualcomm, Inc.SnapdragonQCA6698AQaffected
Qualcomm, Inc.SnapdragonQCA6797AQaffected
Qualcomm, Inc.SnapdragonQCS7230affected
Qualcomm, Inc.SnapdragonQCS8250affected
Qualcomm, Inc.SnapdragonQualcomm Video Collaboration VC5 Platformaffected
Qualcomm, Inc.SnapdragonSA6155Paffected
Qualcomm, Inc.SnapdragonSA8155Paffected
Qualcomm, Inc.SnapdragonSA8195Paffected
Qualcomm, Inc.SnapdragonSA8255Paffected
Qualcomm, Inc.SnapdragonSA8295Paffected
Qualcomm, Inc.SnapdragonSnapdragon W5+ Gen 1 Wearable Platformaffected
Qualcomm, Inc.SnapdragonSW5100affected
Qualcomm, Inc.SnapdragonSW5100Paffected
Qualcomm, Inc.SnapdragonWSA8830affected
Qualcomm, Inc.SnapdragonWSA8835affected

Weaknesses

  • CWE-416: CWE-416 Use After Free

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References