CVE-2023-33107

Confirmed PUBLISHED

Integer Overflow or Wraparound in Graphics Linux

Qualcomm, Inc. · Snapdragon
Exploited in the wild

Recommended Action

Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.

Confidence
Confirmed
Exploitation Status
Exploited in the wild
Observed in Sensors
No
Attempts (30d)
Unique Attacker IPs
CISA KEV
In CISA KEV
CVSS / EPSS
8.4 High

At a Glance

Memory corruption in Graphics Linux while assigning shared virtual memory region during IOCTL call.

cisa linux
CVE Published
Dec 05, 2023
Exploitation Reported
Dec 05, 2023
CVSS
8.4 High
EPSS
Low complexity No user interaction Unauthenticated

Affected Versions

460 version rows · page 14 of 19

Vendor Product Version Status
Qualcomm, Inc.
Snapdragon

SD670

Affected
Qualcomm, Inc.
Snapdragon

SD675

Affected
Qualcomm, Inc.
Snapdragon

SD730

Affected
Qualcomm, Inc.
Snapdragon

SD835

Affected
Qualcomm, Inc.
Snapdragon

SD855

Affected
Qualcomm, Inc.
Snapdragon

SD865 5G

Affected
Qualcomm, Inc.
Snapdragon

SD888

Affected
Qualcomm, Inc.
Snapdragon

SDM429W

Affected
Qualcomm, Inc.
Snapdragon

SDX20M

Affected
Qualcomm, Inc.
Snapdragon

SDX55

Affected
Qualcomm, Inc.
Snapdragon

SG4150P

Affected
Qualcomm, Inc.
Snapdragon

SG8275P

Affected
Qualcomm, Inc.
Snapdragon

SM4125

Affected
Qualcomm, Inc.
Snapdragon

SM6250

Affected
Qualcomm, Inc.
Snapdragon

SM7250P

Affected
Qualcomm, Inc.
Snapdragon

SM7315

Affected
Qualcomm, Inc.
Snapdragon

SM7325P

Affected
Qualcomm, Inc.
Snapdragon

SM8550P

Affected
Qualcomm, Inc.
Snapdragon

Smart Audio 200 Platform

Affected
Qualcomm, Inc.
Snapdragon

Smart Audio 400 Platform

Affected
Qualcomm, Inc.
Snapdragon

Smart Display 200 Platform (APQ5053-AA)

Affected
Qualcomm, Inc.
Snapdragon

Snapdragon 208 Processor

Affected
Qualcomm, Inc.
Snapdragon

Snapdragon 210 Processor

Affected
Qualcomm, Inc.
Snapdragon

Snapdragon 212 Mobile Platform

Affected
Qualcomm, Inc.
Snapdragon

Snapdragon 4 Gen 1 Mobile Platform

Affected

CVE References

Recommended Actions

  • Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.
  • Use the Pro API to automate enrichment, telemetry, and workflow delivery for VM, SOC, and CTI pipelines.