Snapdragon 425 Mobile Platform Firmware
CVE-2023-33110
HIGH
Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
The session index variable in PCM host voice audio driver initialized before PCM open, accessed during event callback from ADSP and reset during PCM close may lead to race condition between event callback - PCM close and reset session index causing memory corruption.
AnalysisAI
The session index variable in PCM host voice audio driver initialized before PCM open, accessed during event callback from ADSP and reset during PCM close may lead to race condition between event. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-823. The session index variable in PCM host voice audio driver initialized before PCM open, accessed during event callback from ADSP and reset during PCM close may lead to race condition between event callback - PCM close and reset session index causing memory corruption. Affected products include: Qualcomm Snapdragon 425 Mobile Platform Firmware, Qualcomm Snapdragon 427 Mobile Platform Firmware, Qualcomm Snapdragon 429 Mobile Platform Firmware, Qualcomm Snapdragon 430 Mobile Platform Firmware, Qualcomm Snapdragon 435 Mobile Platform Firmware.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Memory Corruption in Multi-mode Call Processor while processing bit mask API. Rated critical severity (CVSS 9.8), this v
Memory Corruption in Data Modem while making a MO call or MT VOLTE call. Rated critical severity (CVSS 9.8), this vulner
Memory corruption in HLOS while running playready use-case. Rated critical severity (CVSS 9.3), this vulnerability is no
Memory corruption in Audio during playback with speaker protection. Rated high severity (CVSS 8.4), this vulnerability i
CVE-2024-53026 is an information disclosure vulnerability in IMS (IP Multimedia Subsystem) implementations affecting VoL
CVE-2024-53021 is an information disclosure vulnerability in RTCP (Real-time Transport Control Protocol) packet processi
CVE-2024-53020 is an information disclosure vulnerability in RTP (Real-time Transport Protocol) packet processing that o
Information disclosure while decoding Tracking Area Update Accept or Attach Accept message received from network. Rated
Memory corruption while processing API calls to NPU with invalid input. Rated high severity (CVSS 7.8), this vulnerabili
Memory corruption while processing GPU page table switch. Rated high severity (CVSS 7.8), this vulnerability is low atta
Memory corruption while processing voice packet with arbitrary data received from ADSP. Rated high severity (CVSS 7.8),
Memory corruption while performing finish HMAC operation when context is freed by keymaster. Rated high severity (CVSS 7
Same weakness CWE-823 – Use of Out-of-range Pointer Offset
View allSame technique Memory Corruption
View allShare
External POC / Exploit Code
Leaving vuln.today