CVE-2023-33107

HIGH KEV

Qualcomm 315 5G IoT Modem Firmware - Memory Corruption via Graphics IOCTL Shared Virtual Memory Assignment

Title source: llm

Exploitation Summary

CVE-2023-33107 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added December 5, 2023. EIP tracks 1 public exploit from researchers including keto0422.

AI-analyzed exploit summary This is a proof-of-concept exploit for CVE-2023-33107, targeting a use-after-free vulnerability in the Qualcomm Adreno GPU driver. The exploit leverages GPU memory manipulation and race conditions to achieve arbitrary memory corruption, potentially leading to privilege escalation.

Description

Memory corruption in Graphics Linux while assigning shared virtual memory region during IOCTL call.

Exploits (1)

nomisec WORKING POC

by keto0422 · local

https://github.com/keto0422/CVE-2023-33107

View Code ZIP pw:eip

This is a proof-of-concept exploit for CVE-2023-33107, targeting a use-after-free vulnerability in the Qualcomm Adreno GPU driver. The exploit leverages GPU memory manipulation and race conditions to achieve arbitrary memory corruption, potentially leading to privilege escalation.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Complex

Reliability

Racy

Target: Qualcomm Adreno GPU driver (kgsl)

No auth needed

Prerequisites: Access to the target device · Kernel with vulnerable Qualcomm Adreno GPU driver

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1210 - Exploitation of Remote Services

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Patch, Vendor Advisory

https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin

US Government Resource

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-33107

Scores

CVSS v3 8.4

EPSS 0.0089

EPSS Percentile 54.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation active

Automatable no

Technical Impact total

Details

CISA KEV 2023-12-05

VulnCheck KEV 2023-10-02

InTheWild.io 2023-10-03

ENISA EUVD EUVD-2023-37296

CWE

CWE-190

Status published

Products (50)

qualcomm/315_5g_iot_modem_firmware

qualcomm/apq8017_firmware

qualcomm/apq8064au_firmware

qualcomm/aqt1000_firmware

qualcomm/ar8031_firmware

qualcomm/ar8035_firmware

qualcomm/c-v2x_9150_firmware

qualcomm/csra6620_firmware

qualcomm/csra6640_firmware

qualcomm/csrb31024_firmware

... and 40 more

Published Dec 05, 2023

KEV Added Dec 05, 2023

Tracked Since Feb 18, 2026