CVE-2023-33107

unknown KEV

Published 2023-12-05 · Modified 2023-12-05

CVSS v3

—

CVSS v2

—

VIR risk

1.5

Description

Multiple Qualcomm chipsets contain an integer overflow vulnerability due to memory corruption in Graphics Linux while assigning shared virtual memory region during IOCTL call.

CISA KEV

Vendor: Qualcomm
Product: Multiple Chipsets
Due date: 2023-12-26

Predictions

Exploit likelihood

99%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: cisa-kev — This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. For more information, please see: https://git.codelinaro.org/clo/la/kernel/msm-4.19/-/commit/d66b799c804083ea5226cfffac6d6c4e7ad4968b; https://nvd.nist.gov/vuln/detail/CVE-2023-33107

Exploits

References

This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. For more information, please see: https://git.codelinaro.org/clo/la/kernel/msm-4.19/-/commit/d66b799c804083ea5226cfffac6d6c4e7ad4968b; https://nvd.nist.gov/vuln/detail/CVE-2023-33107

Verify integrity in audit chain (admin only). AS-IS.