CVE-2023-33110 — Use of Out-of-range Pointer Offset in INC Snapdragon

CWE-823 — Use of Out-of-range Pointer Offset CWE-362 — Race Condition3 documents3 sources

Severity

7.0HIGHNVD

EPSS

0.1%

top 75.31%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Qualcomm INC Snapdragon Google Android

Timeline

PublishedJan 2

Description

The session index variable in PCM host voice audio driver initialized before PCM open, accessed during event callback from ADSP and reset during PCM close may lead to race condition between event callback - PCM close and reset session index causing memory corruption.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.0 | Impact: 5.9

Affected Packages2 packages

▶googlegoogle/android

▶CVEListV5qualcomm_inc/snapdragon232 versions+231

🔴Vulnerability Details

GHSA

GHSA-vw9c-c8qf-hw7g: The session index variable in PCM host voice audio driver initialized before PCM open, accessed during event callback from ADSP and reset during PCM c↗2024-01-02

▶

📋Vendor Advisories

Android

CVE-2023-33110: Audio↗2024-01-01

▶