HIGH🚩 CISA KEV⚡ EXPLOIT🇵🇱 Wersja polska

CVE-2023-33106

CVSS 8.4v3.1pub. 2023-12-05upd. 2025-10-28

Memory corruption while submitting a large list of sync points in an AUX command to the IOCTL_KGSL_GPU_AUX_COMMAND.

CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Qualcomm Ar8035

    HW
    Qualcomm
    wszystkie wersje
  • Qualcomm Ar8035 Firmware

    OS
    Qualcomm
    wszystkie wersje
  • Qualcomm Csra6620

    HW
    Qualcomm
    wszystkie wersje
  • Qualcomm Csra6620 Firmware

    OS
    Qualcomm
    wszystkie wersje
  • Qualcomm Csra6640

    HW
    Qualcomm
    wszystkie wersje
  • Qualcomm Csra6640 Firmware

    OS
    Qualcomm
    wszystkie wersje
  • Qualcomm Fastconnect 6200

    HW
    Qualcomm
    wszystkie wersje
  • Qualcomm Fastconnect 6200 Firmware

    OS
    Qualcomm
    wszystkie wersje
  • Qualcomm Fastconnect 6700

    HW
    Qualcomm
    wszystkie wersje
  • Qualcomm Fastconnect 6700 Firmware

    OS
    Qualcomm
    wszystkie wersje
  • Qualcomm Fastconnect 6800

    HW
    Qualcomm
    wszystkie wersje
  • Qualcomm Fastconnect 6800 Firmware

    OS
    Qualcomm
    wszystkie wersje
  • Qualcomm Fastconnect 6900

    HW
    Qualcomm
    wszystkie wersje
  • Qualcomm Fastconnect 6900 Firmware

    OS
    Qualcomm
    wszystkie wersje
  • Qualcomm Fastconnect 7800

    HW
    Qualcomm
    wszystkie wersje
  • Qualcomm Fastconnect 7800 Firmware

    OS
    Qualcomm
    wszystkie wersje
  • Qualcomm Flight Rb5 5g Platform

    HW
    Qualcomm
    wszystkie wersje
  • Qualcomm Flight Rb5 5g Platform Firmware

    OS
    Qualcomm
    wszystkie wersje
  • Qualcomm Qam8255p

    HW
    Qualcomm
    wszystkie wersje
  • Qualcomm Qam8255p Firmware

    OS
    Qualcomm
    wszystkie wersje
  • Qualcomm Qam8295p

    HW
    Qualcomm
    wszystkie wersje
  • Qualcomm Qam8295p Firmware

    OS
    Qualcomm
    wszystkie wersje
  • Qualcomm Qam8650p

    HW
    Qualcomm
    wszystkie wersje
  • Qualcomm Qam8650p Firmware

    OS
    Qualcomm
    wszystkie wersje
  • Qualcomm Qam8775p

    HW
    Qualcomm
    wszystkie wersje
  • Qualcomm Qam8775p Firmware

    OS
    Qualcomm
    wszystkie wersje
  • Qualcomm Qca6174a

    HW
    Qualcomm
    wszystkie wersje
  • Qualcomm Qca6174a Firmware

    OS
    Qualcomm
    wszystkie wersje
  • Qualcomm Qca6391

    HW
    Qualcomm
    wszystkie wersje
  • Qualcomm Qca6391 Firmware

    OS
    Qualcomm
    wszystkie wersje

CISA KEV — detailsi

Vendori
Qualcomm
Producti
Multiple Chipsets
Added to KEVi
December 5, 2023
Remediation deadline (US Federal)i
December 26, 2023(overdue)
Required action (CISA)i

Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.

CISA descriptioni

Multiple Qualcomm chipsets contain a use of out-of-range pointer offset vulnerability due to memory corruption in Graphics while submitting a large list of sync points in an AUX command to the IOCTL_KGSL_GPU_AUX_COMMAND.

🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
CISA DEADLINE: 26 grudnia 2023
CWE
References

Related vulnerabilities

CVE-2025-47372CRITICAL9.0PL ✓ten sam produkt

Qualcomm: Memory Corruption przy ładowaniu uszkodzonego obrazu ELF

CVE-2025-21483CRITICAL9.8PL ✓ten sam produkt

Memory corruption w Qualcomm podczas składania pakietów RTP (NALUs)

CVE-2025-27034CRITICAL9.8PL ✓ten sam produkt

Qualcomm Firmware — memory corruption przy wyborze PLMN z listy SOR

CVE-2025-21450CRITICAL9.1PL ✓ten sam produkt

Qualcomm: podatność kryptograficzna umożliwiająca Auth Bypass podczas pobierania

CVE-2024-45569CRITICAL9.8PL ✓ten sam produkt

Qualcomm: Uszkodzenie pamięci przy parsowaniu ML IE w firmware