CVE-2023-33119Time-of-check Time-of-use (TOCTOU) Race Condition in INC Snapdragon

CWE-367Time-of-check Time-of-use (TOCTOU) Race Condition3 documents3 sources
Severity
7.0HIGHNVD
EPSS
0.0%
top 85.46%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Qualcomm INC SnapdragonGoogle Android
Timeline
PublishedMay 6

Description

Memory corruption while loading a VM from a signed VM image that is not coherent in the processor cache.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.0 | Impact: 5.9

Affected Packages2 packages

CVEListV5qualcomm_inc/snapdragon160 versions+159

🔴Vulnerability Details

1
GHSA
GHSA-8rqf-8g2h-r7c2: Memory corruption while loading a VM from a signed VM image that is not coherent in the processor cache2024-05-06

📋Vendor Advisories

1
Android
CVE-2023-33119: Closed-source component2024-05-01