CVE-2023-33110

high-risk

Published 2024-01-02

The session index variable in PCM host voice audio driver initialized before PCM open, accessed during event callback from ADSP and reset during PCM close may lead to race condition between event callback - PCM close and reset session index causing memory corruption.

Do I need to act?

0.08% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.8/10 High

LOCAL / LOW complexity

Affected Products (20)

Snapdragon 425 Mobile Platform Firmware

Snapdragon 427 Mobile Platform Firmware

Snapdragon 429 Mobile Platform Firmware

Snapdragon 430 Mobile Platform Firmware

Snapdragon 435 Mobile Platform Firmware

Snapdragon 439 Mobile Platform Firmware

Snapdragon 450 Mobile Platform Firmware

Snapdragon 460 Mobile Platform Firmware

Snapdragon 480 5G Mobile Platform Firmware

Snapdragon 480\+ 5G Mobile Platform Firmware

Snapdragon 625 Mobile Platform Firmware

Snapdragon 626 Mobile Platform Firmware

Snapdragon 630 Mobile Platform Firmware

Snapdragon 632 Mobile Platform Firmware

Snapdragon 636 Mobile Platform Firmware

Snapdragon 660 Mobile Platform Firmware

Snapdragon 662 Mobile Platform Firmware

Snapdragon 665 Mobile Platform Firmware

Snapdragon 670 Mobile Platform Firmware

Snapdragon 675 Mobile Platform Firmware

Affected Vendors

Qualcomm

References (2)

Vendor Advisory https://www.qualcomm.com/company/product-security/bulletins/january-2024-bulleti...

/ 100

high-risk

Severity 24/34 · High

Exploitability 0/34 · Minimal

Exposure 31/34 · Critical