CVE-2023-33106
Published: 05 December 2023
Summary
CVE-2023-33106 is a high-severity Use of Out-of-range Pointer Offset (CWE-823) vulnerability in Qualcomm Ar8035 Firmware. Its CVSS base score is 8.4 (High).
Operationally, its exploit-likelihood (EPSS) ranking sits at the 38.0th percentile, below the median; nonetheless, CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and AC-6 (Least Privilege).
Deeper analysis
CVE-2023-33106 is a memory corruption vulnerability in Qualcomm's KGSL GPU driver, triggered when an AUX command containing an excessively large list of sync points is submitted through the IOCTL_KGSL_GPU_AUX_COMMAND interface. The flaw maps to CWE-823 and CWE-119 and carries a CVSS 3.1 score of 8.4, reflecting local attack vector, low complexity, and no required privileges or user interaction.
A local attacker on an affected Qualcomm device can supply a maliciously crafted AUX command to corrupt kernel memory, resulting in arbitrary code execution or denial of service with full confidentiality, integrity, and availability impact on the GPU subsystem.
Qualcomm's December 2023 security bulletin addresses the issue with patches for impacted chipsets; the vulnerability is also catalogued in CISA's Known Exploited Vulnerabilities list, confirming in-the-wild exploitation. The current EPSS score of 0.0017 remains low and shows no material upward movement.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-37295
Vulnerability details
Memory corruption while submitting a large list of sync points in an AUX command to the IOCTL_KGSL_GPU_AUX_COMMAND.
- CWE(s): CWE-823, CWE-119
- KEV Date Added: 05 December 2023
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): directly enforces validation of the size and structure of the sync-point list supplied to IOCTL_KGSL_GPU_AUX_COMMAND, blocking the oversized input that triggers memory corruption.
- SI-16 (Memory Protection): applies memory-protection mechanisms that can detect or block the corruption of kernel memory resulting from the malformed AUX command.
- AC-6 (Least Privilege): restricts which processes may open and submit commands to the KGSL GPU device, reducing the attack surface for an unprivileged local process.
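The following C program is an added illustration of the SI-10 control above, applied to the failure mode described in the deeper analysis (a sync-point list whose count is far larger than the driver's buffer). It is hypothetical example code, not Qualcomm's KGSL driver; the `aux_sync_point` layout, the `MAX_AUX_SYNC_POINTS` limit and the function names are assumptions chosen for the demonstration. The point it makes is that the untrusted count is bounded before it is ever used to size, copy or index a kernel-side buffer, so no pointer offset derived from it can leave that buffer.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Hypothetical, self-contained validator for an AUX-command sync-point list.
 * Not Qualcomm's KGSL code: struct layout, limit and names are assumptions.
 */

#define MAX_AUX_SYNC_POINTS 32u /* assumed policy limit, not a real driver constant */

/* Constructed stand-in for one sync-point entry as supplied by userspace. */
struct aux_sync_point {
    uint32_t context_id;
    uint32_t timestamp;
};

/* Validator outcomes, negative on rejection (kernel-style return convention). */
enum aux_status {
    AUX_OK = 0,
    AUX_ERR_NULL_LIST = -1,
    AUX_ERR_TOO_MANY = -2
};

/*
 * Check the untrusted count before it is used to size, copy or index anything.
 * Rejecting here is what keeps every later pointer offset inside the
 * fixed-size kernel buffer.
 */
int validate_aux_sync_list(const struct aux_sync_point *list, uint32_t count)
{
    if (count > MAX_AUX_SYNC_POINTS)
        return AUX_ERR_TOO_MANY;   /* oversized list rejected up front */
    if (count != 0 && list == NULL)
        return AUX_ERR_NULL_LIST;  /* a non-empty list must have a source */
    return AUX_OK;
}

/*
 * Stage the list into a bounded kernel-side buffer. Because the count has
 * already been validated against MAX_AUX_SYNC_POINTS, the copy cannot run
 * past kbuf. Returns the number of entries staged, or a negative aux_status.
 */
int process_aux_command(const struct aux_sync_point *list, uint32_t count)
{
    struct aux_sync_point kbuf[MAX_AUX_SYNC_POINTS];
    int rc = validate_aux_sync_list(list, count);
    if (rc != AUX_OK)
        return rc;
    if (count)
        memcpy(kbuf, list, (size_t)count * sizeof(kbuf[0]));
    /* Real work on kbuf[0..count) would go here; this example only counts. */
    return (int)count;
}

int main(void)
{
    /* Constructed sample input: a small, well-formed list. */
    struct aux_sync_point good[3] = { {1, 10}, {1, 11}, {2, 5} };
    printf("3 entries      -> %d\n", process_aux_command(good, 3));
    /* An oversized count is refused before any copy is attempted. */
    printf("count 100000   -> %d\n", process_aux_command(good, 100000u));
    printf("NULL, count 2  -> %d\n", process_aux_command(NULL, 2));
    return 0;
}
```

The validation is deliberately separate from the processing so that it can be called once at the ioctl boundary and unit-tested on its own; the fixed-size `kbuf` is what makes the bound meaningful, since a limit that is checked against nothing concrete tends to drift as code evolves.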