⚠ Actively exploited
Added to CISA KEV on 2023-12-05. Federal agencies required to patch by 2023-12-26. Required action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable..

CVE-2023-33106Use of Out-of-range Pointer Offset in INC Snapdragon

CWE-823Use of Out-of-range Pointer OffsetCWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-416Use After Free10 documents9 sources
Severity
7.8HIGHNVD
VulnCheck8.4
EPSS
0.2%
top 61.79%
CISA KEV
KEV
Added 2023-12-05
Due 2023-12-26
Exploit
Exploited in wild
Active exploitation observed
Affected products
2
Qualcomm INC SnapdragonGoogle Android
Timeline
PublishedDec 5
KEV addedDec 5
KEV dueDec 26
Latest updateMar 5
CISA Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.

Description

Memory corruption while submitting a large list of sync points in an AUX command to the IOCTL_KGSL_GPU_AUX_COMMAND.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5qualcomm_inc/snapdragon153 versions+152

Patches

Patch: www.qualcomm.comPatch: www.qualcomm.com

🔴Vulnerability Details

3
GHSA
GHSA-x563-8qf7-q64m: Memory corruption while submitting a large list of sync points in an AUX command to the IOCTL_KGSL_GPU_AUX_COMMAND2023-12-05
VulnCheck
Qualcomm Multiple Chipsets Use of Out-of-Range Pointer Offset Vulnerability2023
Project0
Project Zero RCA: CVE-2023-33106: Qualcomm Adreno GPU KGSL_GPU_AUX_COMMAND_SYNC OOB

📋Vendor Advisories

2
CISA
Qualcomm Multiple Chipsets Use of Out-of-Range Pointer Offset Vulnerability2023-12-05
Android
CVE-2023-33106: Display2023-12-01

🕵️Threat Intelligence

3
Mandiant
Look What You Made Us Patch: 2025 Zero-Days in Review2026-03-05
Mandiant
Look What You Made Us Patch: 2025 Zero-Days in Review2026-03-05
Bleepingcomputer
Qualcomm says hackers exploit 3 zero-days in its GPU, DSP drivers2023-10-03

📄Research Papers

1
arXiv
Zero-Trust Strategies for O-RAN Cellular Networks: Principles, Challenges and Research Directions2025-11-23