cbcvebase.
CVE-2023-33107
published 2023-12-05

CVE-2023-33107: Memory corruption in Graphics Linux while assigning shared virtual memory region during IOCTL call.

PriorityP182high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
KEVITWEXPLOIT
CISA Known Exploited Vulnerabilitydue 2023-12-26
Exploited in the wild
EPSS
0.89%
54.9th percentile
Memory corruption in Graphics Linux while assigning shared virtual memory region during IOCTL call.

Affected

243 ranges· showing 25
VendorProductVersion rangeFixed in
googleandroid
qualcomm_incsnapdragon
qualcomm_incsnapdragon
qualcomm_incsnapdragon
qualcomm_incsnapdragon
qualcomm_incsnapdragon
qualcomm_incsnapdragon
qualcomm_incsnapdragon
qualcomm_incsnapdragon
qualcomm_incsnapdragon
qualcomm_incsnapdragon
qualcomm_incsnapdragon
qualcomm_incsnapdragon
qualcomm_incsnapdragon
qualcomm_incsnapdragon
qualcomm_incsnapdragon
qualcomm_incsnapdragon
qualcomm_incsnapdragon
qualcomm_incsnapdragon
qualcomm_incsnapdragon
qualcomm_incsnapdragon
qualcomm_incsnapdragon
qualcomm_incsnapdragon
qualcomm_incsnapdragon
qualcomm_incsnapdragon

Detection & IOCsextracted from sources · hover to see the quote

  • Vulnerability is triggered via an IOCTL call in the Graphics Linux kernel driver when assigning shared virtual memory regions — monitor for anomalous IOCTL calls to Qualcomm GPU/display driver nodes (e.g., /dev/kgsl-3d0 or similar)
  • Patch reference commit for kernel msm-4.19 branch available at the linked CodeLinaro repository — diff can be used to identify the vulnerable code path and build detection logic or YARA rules targeting the unpatched binary
  • Classified as an integer overflow leading to memory corruption — look for exploitation patterns consistent with integer overflow in kernel graphics driver (e.g., heap corruption, unexpected kernel crashes in GPU driver context)
  • Android Security Bulletin component is 'Display' — focus detection on display/GPU subsystem driver interactions on Android devices running affected Qualcomm chipsets
  • ·Vulnerability affects multiple Qualcomm chipsets; specific affected chipset models are not enumerated in these sources — consult Qualcomm Security Advisory QC-CR#3611296 for the full affected product list
  • ·Patching status varies by vendor/OEM — devices may remain vulnerable even after Android Security Bulletin publication if OEM patches have not been applied

CVSS provenance

nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
vulncheck8.4HIGH
cisa7.8HIGH
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.