CVE-2023-33108 - Vulnerability Details

Description

Memory corruption in Graphics Driver when destroying a context with KGSL_GPU_AUX_COMMAND_TIMELINE objects queued.

Published: 2024-01-02

Score: 8.4 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Qualcomm, Inc.

Snapdragon

unaffected

Version	Status	Constraints
`QAM8255P`	affected	—
`QAM8295P`	affected	—
`QAM8650P`	affected	—
`QAM8775P`	affected	—
`QCA6391`	affected	—
`QCA6574`	affected	—
`QCA6574A`	affected	—
`QCA6574AU`	affected	—
`QCA6595`	affected	—
`QCA6595AU`	affected	—
`QCA6696`	affected	—
`QCA6698AQ`	affected	—
`QCA6797AQ`	affected	—
`QCS7230`	affected	—
`QCS8250`	affected	—
`Qualcomm Video Collaboration VC5 Platform`	affected	—
`SA6155P`	affected	—
`SA8155P`	affected	—
`SA8195P`	affected	—
`SA8255P`	affected	—
`SA8295P`	affected	—
`Snapdragon W5+ Gen 1 Wearable Platform`	affected	—
`SW5100`	affected	—
`SW5100P`	affected	—
`WSA8830`	affected	—
`WSA8835`	affected	—

Configuration 1 [-]

AND

cpe:2.3:o:qualcomm:qam8255p_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qam8255p:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:qualcomm:qam8295p_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qam8295p:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:qualcomm:qam8650p_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qam8650p:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:qualcomm:qam8775p_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qam8775p:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:qualcomm:qca6391_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qca6391:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:qualcomm:qca6574_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qca6574:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:qualcomm:qca6574a_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qca6574a:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:qualcomm:qca6574au_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qca6574au:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:qualcomm:qca6595_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qca6595:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:qualcomm:qca6595au_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qca6595au:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:qualcomm:qca6696_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qca6696:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:qualcomm:qca6698aq_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qca6698aq:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:qualcomm:qca6797aq_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qca6797aq:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:qualcomm:qcs7230_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qcs7230:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:qualcomm:qcs8250_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qcs8250:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:qualcomm:video_collaboration_vc5_platform_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:video_collaboration_vc5_platform:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:qualcomm:sa6155p_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sa6155p:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND

cpe:2.3:o:qualcomm:sa8155p_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sa8155p:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND

cpe:2.3:o:qualcomm:sa8195p_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sa8195p:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND

cpe:2.3:o:qualcomm:sa8255p_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sa8255p:-:*:*:*:*:*:*:*

Configuration 21 [-]

AND

cpe:2.3:o:qualcomm:sa8295p_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sa8295p:-:*:*:*:*:*:*:*

Configuration 22 [-]

AND

cpe:2.3:o:qualcomm:snapdragon_w5\+_gen_1_wearable_platform_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:snapdragon_w5\+_gen_1_wearable_platform:-:*:*:*:*:*:*:*

Configuration 23 [-]

AND

cpe:2.3:o:qualcomm:sw5100_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sw5100:-:*:*:*:*:*:*:*

Configuration 24 [-]

AND

cpe:2.3:o:qualcomm:sw5100p_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sw5100p:-:*:*:*:*:*:*:*

Configuration 25 [-]

AND

cpe:2.3:o:qualcomm:wsa8830_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wsa8830:-:*:*:*:*:*:*:*

Configuration 26 [-]

AND

cpe:2.3:o:qualcomm:wsa8835_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wsa8835:-:*:*:*:*:*:*:*

No data.

No data available yet.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2023-37297	Memory corruption in Graphics Driver when destroying a context with KGSL_GPU_AUX_COMMAND_TIMELINE objects queued.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.0006.

Exploitation none

Automatable no

Technical Impact total

References

Link	Providers
https://www.qualcomm.com/company/product-security/bulletins/january-2024-bulletin

History

Mon, 11 Aug 2025 15:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Qualcomm video Collaboration Vc5 Platform Firmware
CPEs	cpe:2.3:o:qualcomm:qualcomm_video_collaboration_vc5_platform_firmware:-:::::::*	cpe:2.3:o:qualcomm:video_collaboration_vc5_platform_firmware:-:::::::*
Vendors & Products	Qualcomm qualcomm Video Collaboration Vc5 Platform Firmware	Qualcomm video Collaboration Vc5 Platform Firmware

Thu, 07 Aug 2025 13:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Qualcomm video Collaboration Vc5 Platform
CPEs	cpe:2.3:h:qualcomm:qualcomm_video_collaboration_vc5_platform:-:::::::*	cpe:2.3:h:qualcomm:video_collaboration_vc5_platform:-:::::::*
Vendors & Products	Qualcomm qualcomm Video Collaboration Vc5 Platform	Qualcomm video Collaboration Vc5 Platform

Tue, 03 Jun 2025 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Subscriptions

Qualcomm Qam8255p Qam8255p Firmware Qam8295p Qam8295p Firmware Qam8650p Qam8650p Firmware Qam8775p Qam8775p Firmware Qca6391 Qca6391 Firmware Qca6574 Qca6574 Firmware Qca6574a Qca6574a Firmware Qca6574au Qca6574au Firmware Qca6595 Qca6595 Firmware Qca6595au Qca6595au Firmware Qca6696 Qca6696 Firmware Qca6698aq Qca6698aq Firmware Qca6797aq Qca6797aq Firmware Qcs7230 Qcs7230 Firmware Qcs8250 Qcs8250 Firmware Sa6155p Sa6155p Firmware Sa8155p Sa8155p Firmware Sa8195p Sa8195p Firmware Sa8255p Sa8255p Firmware Sa8295p Sa8295p Firmware Snapdragon W5\+ Gen 1 Wearable Platform Snapdragon W5\+ Gen 1 Wearable Platform Firmware Sw5100 Sw5100 Firmware Sw5100p Sw5100p Firmware Video Collaboration Vc5 Platform Video Collaboration Vc5 Platform Firmware Wsa8830 Wsa8830 Firmware Wsa8835 Wsa8835 Firmware

MITRE

Status: PUBLISHED

Assigner: qualcomm

Published: 2024-01-02T05:38:40.125Z

Updated: 2025-06-03T14:46:13.795Z

Reserved: 2023-05-17T09:28:53.143Z

Link: CVE-2023-33108

Vulnrichment

Updated: 2024-08-02T15:32:46.750Z

NVD

Status : Modified

Published: 2024-01-02T06:15:11.193

Modified: 2025-08-11T15:06:17.607

Link: CVE-2023-33108

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-416

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object