CVE-2023-33106
Use of Out-of-range Pointer Offset in Graphics
In short
A flaw in graphics driver code allows memory corruption when a specially crafted request with too many sync points is sent to the GPU command interface, potentially causing crashes or system instability.
Technical detail
A CWE-823 (use of out-of-range pointer offset) vulnerability in the KGSL GPU AUX command IOCTL handler. The attack requires local access to submit malformed AUX commands with excessive sync points; insufficient bounds checking then results in memory corruption, leading to potential denial of service or privilege escalation.
Summary generated and translated by AI from the official description.
Memory corruption while submitting a large list of sync points in an AUX command to the IOCTL_KGSL_GPU_AUX_COMMAND.
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
Qualcomm, Inc. · Snapdragon