CVE-2023-33107
Integer Overflow or Wraparound in Graphics Linux
Vexday Risk Score
51 · Attention
SSVC decision (CISA)
Act
Exploitation + impact → act immediately
CVSS 8.4 · EPSS 0.9% · KEV yes · PoC — · Nuclei — · Metasploit — · Patch —
Lifecycle
05 Dec 2023: Active exploitation (CISA KEV)
05 Dec 2023: Published on NVD
Recommendation: Patch as soon as possible — active exploitation confirmed.
In short
A flaw in Graphics Linux allows memory corruption when a program makes certain system calls to assign shared memory regions. An attacker could exploit this to crash the system or potentially run malicious code.
Technical detail
Integer overflow vulnerability in Graphics Linux IOCTL handler during shared virtual memory region assignment, allowing attackers to trigger out-of-bounds memory access. Requires local access and execution of crafted IOCTL call; impacts memory integrity and system stability.
Summary generated and translated by AI from the official description.
Memory corruption in Graphics Linux while assigning shared virtual memory region during IOCTL call.
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
Qualcomm, Inc. · Snapdragon