Use of Out-of-range Pointer Offset in Graphics
CVE-2023-33106

7.8 HIGH

Key Information:

Vendor: Qualcomm

CVE Published: 5 December 2023

Badges

👾 Exploit Exists, 🦅 CISA Reported

What is CVE-2023-33106?

A memory corruption issue has been identified in Qualcomm GPUs. It can occur when a user submits an extensive list of synchronization points through an AUX command to the IOCTL_KGSL_GPU_AUX_COMMAND ioctl. An attacker could potentially exploit this flaw in memory handling, leading to unpredictable system behavior or unauthorized access to sensitive information.

CISA has reported CVE-2023-33106

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified CVE-2023-33106 as being exploited, but it is not known by CISA to be used in ransomware campaigns. This is subject to change at pace.

CISA's recommendation is: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.

Affected Version(s)

Snapdragon Snapdragon Auto AR8035

Snapdragon Snapdragon Auto CSRA6620

Snapdragon Snapdragon Auto CSRA6640

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • 👾 Exploit known to exist

  • 🦅 CISA Reported

  • Vulnerability published

  • Vulnerability Reserved