CVE-2023-33107

Confirmed PUBLISHED

Integer Overflow or Wraparound in Graphics Linux

Qualcomm, Inc. · Snapdragon
Exploited in the wild

Recommended Action

Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.

Confidence
Confirmed
Exploitation Status
Exploited in the wild
Observed in Sensors
No
Attempts (30d)
Unique Attacker IPs
CISA KEV
In CISA KEV
CVSS / EPSS
8.4 High

At a Glance

Memory corruption in Graphics Linux while assigning shared virtual memory region during IOCTL call.

cisa linux
CVE Published
Dec 05, 2023
Exploitation Reported
Dec 05, 2023
CVSS
8.4 High
EPSS
Low complexity No user interaction Unauthenticated

Affected Versions

460 version rows · page 3 of 19

Vendor Product Version Status
qualcomm
qca8337_firmware

0 to <= *

Affected
qualcomm
qca9377_firmware

0 to <= *

Affected
qualcomm
qcm2290_firmware

0 to <= *

Affected
qualcomm
qcm4290_firmware

0 to <= *

Affected
qualcomm
qcm4325_firmware

0 to <= *

Affected
qualcomm
qcm4490_firmware

0 to <= *

Affected
qualcomm
qcm5430_firmware

0 to <= *

Affected
qualcomm
qcm6125_firmware

0 to <= *

Affected
qualcomm
qcm6490_firmware

0 to <= *

Affected
qualcomm
qcm8550_firmware

0 to <= *

Affected
qualcomm
qcn6024_firmware

0 to <= *

Affected
qualcomm
qcn9011_firmware

0 to <= *

Affected
qualcomm
qcn9012_firmware

0 to <= *

Affected
qualcomm
qcn9024_firmware

0 to <= *

Affected
qualcomm
qcn9074_firmware

0 to <= *

Affected
qualcomm
qcs2290_firmware

0 to <= *

Affected
qualcomm
qcs410_firmware

0 to <= *

Affected
qualcomm
qcs4290_firmware

0 to <= *

Affected
qualcomm
qcs4490_firmware

0 to <= *

Affected
qualcomm
qcs5430_firmware

0 to <= *

Affected
qualcomm
qcs610_firmware

0 to <= *

Affected
qualcomm
qcs6125_firmware

0 to <= *

Affected
qualcomm
qcs6490_firmware

0 to <= *

Affected
qualcomm
qcs7230_firmware

0 to <= *

Affected
qualcomm
qcs8155_firmware

0 to <= *

Affected

CVE References

Recommended Actions

  • Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.
  • Use the Pro API to automate enrichment, telemetry, and workflow delivery for VM, SOC, and CTI pipelines.