Security News > 2023 > October > Qualcomm patches 3 actively exploited zero-days

Qualcomm patches 3 actively exploited zero-days
2023-10-04 13:43

Qualcomm has fixed three actively exploited vulnerabilities in its Adreno GPU and Compute DSP drivers.

Vulnerabilities exploited in Qualcomm GPU and DSP drivers.

The US-based semiconductor company has been notified by Google Threat Analysis Group and Google Project Zero that CVE-2023-33106, CVE-2023-33107, CVE-2023-33063, and CVE-2022-22071 "May be under limited, targeted exploitation".

CVE-2022-22071 is an older use-after-free vulnerability found in Automotive Android OS and patched in May 2022.

Additional information about the three zero-days will be shared in the December security bulletin, but the company has released patches for them.

There are no indications that these additional vulnerabilities have been exploited in the wild.


News URL

https://www.helpnetsecurity.com/2023/10/04/qualcomm-vulnerabilities-exploited/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2023-12-05 CVE-2023-33107 Integer Overflow or Wraparound vulnerability in Qualcomm products
Memory corruption in Graphics Linux while assigning shared virtual memory region during IOCTL call.
local
low complexity
qualcomm CWE-190
7.8
2023-12-05 CVE-2023-33106 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qualcomm products
Memory corruption while submitting a large list of sync points in an AUX command to the IOCTL_KGSL_GPU_AUX_COMMAND.
local
low complexity
qualcomm CWE-119
7.8
2023-12-05 CVE-2023-33063 Use After Free vulnerability in Qualcomm products
Memory corruption in DSP Services during a remote call from HLOS to DSP.
local
low complexity
qualcomm CWE-416
7.8
2022-06-14 CVE-2022-22071 Use After Free vulnerability in Qualcomm products
Possible use after free when process shell memory is freed using IOCTL munmap call and process initialization is in progress in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music
local
low complexity
qualcomm CWE-416
7.2

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Qualcomm 2304 99 457 897 439 1892