HIGH · 7.8

CVE-2023-33110

Vulnerability Description

The session index variable in the PCM host voice audio driver is initialized before PCM open, accessed during the event callback from the ADSP, and reset during PCM close. This may lead to a race condition between the event callback and the PCM close that resets the session index, causing memory corruption.

CVSS Score

7.8

HIGH

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: HIGH
Integrity: HIGH
Availability: HIGH

Affected Products

| Vendor | Product | Versions |
|---|---|---|
| Qualcomm | Snapdragon 425 Mobile Platform Firmware | - |
| Qualcomm | Snapdragon 425 Mobile Platform | - |
| Qualcomm | Snapdragon 427 Mobile Platform Firmware | - |
| Qualcomm | Snapdragon 427 Mobile Platform | - |
| Qualcomm | Snapdragon 429 Mobile Platform Firmware | - |
| Qualcomm | Snapdragon 429 Mobile Platform | - |
| Qualcomm | Snapdragon 430 Mobile Platform Firmware | - |
| Qualcomm | Snapdragon 430 Mobile Platform | - |
| Qualcomm | Snapdragon 435 Mobile Platform Firmware | - |
| Qualcomm | Snapdragon 435 Mobile Platform | - |
| Qualcomm | Snapdragon 439 Mobile Platform Firmware | - |
| Qualcomm | Snapdragon 439 Mobile Platform | - |
| Qualcomm | Snapdragon 450 Mobile Platform Firmware | - |
| Qualcomm | Snapdragon 450 Mobile Platform | - |
| Qualcomm | Snapdragon 460 Mobile Platform Firmware | - |
| Qualcomm | Snapdragon 460 Mobile Platform | - |
| Qualcomm | Snapdragon 480 5G Mobile Platform Firmware | - |
| Qualcomm | Snapdragon 480 5G Mobile Platform | - |
| Qualcomm | Snapdragon 480+ 5G Mobile Platform Firmware | - |
| Qualcomm | Snapdragon 480+ 5G Mobile Platform | - |

Related Weaknesses (CWE)

References

FAQ

What is CVE-2023-33110?

CVE-2023-33110 is a vulnerability with a CVSS score of 7.8 (HIGH). The session index variable in PCM host voice audio driver initialized before PCM open, accessed during event callback from ADSP and reset during PCM close may lead to race condition between event call...

How severe is CVE-2023-33110?

CVE-2023-33110 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-33110?

Check the references section above for vendor advisories and patch information. Affected products include: Qualcomm Snapdragon 425 Mobile Platform Firmware, Qualcomm Snapdragon 425 Mobile Platform, Qualcomm Snapdragon 427 Mobile Platform Firmware, Qualcomm Snapdragon 427 Mobile Platform, Qualcomm Snapdragon 429 Mobile Platform Firmware.