CVE-2023-33110

HIGH

PCM host voice audio driver - Memory Corruption

Title source: llm
STIX 2.1

Description

The session index variable in PCM host voice audio driver initialized before PCM open, accessed during event callback from ADSP and reset during PCM close may lead to race condition between event callback - PCM close and reset session index causing memory corruption.

References (1)

Scores

CVSS v3 7.8
EPSS 0.0008
EPSS Percentile 24.5%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-362 CWE-823
Status published
Products (50)
qualcomm/snapdragon_425_mobile_platform_firmware
qualcomm/snapdragon_427_mobile_platform_firmware
qualcomm/snapdragon_429_mobile_platform_firmware
qualcomm/snapdragon_430_mobile_platform_firmware
qualcomm/snapdragon_435_mobile_platform_firmware
qualcomm/snapdragon_439_mobile_platform_firmware
qualcomm/snapdragon_450_mobile_platform_firmware
qualcomm/snapdragon_460_mobile_platform_firmware
qualcomm/snapdragon_480\+_5g_mobile_platform_firmware
qualcomm/snapdragon_480_5g_mobile_platform_firmware
... and 40 more
Published Jan 02, 2024
Tracked Since Feb 18, 2026