IRONSMITHINTEL
HIGH | CVSS 8.4 | Actively Exploited | CISA KEV | CVE-2023-33106 | Auth: none — unauthenticated | Reboot: required | Manual only

Qualcomm Multiple Chipsets Use of Out-of-Range Pointer Offset Vulnerability (CVE-2023-33106)

Multiple Qualcomm chipsets contain a use of out-of-range pointer offset vulnerability due to memory corruption in Graphics while submitting a large list of sync points in an AUX command to the IOCTL_KGSL_GPU_AUX_COMMAND.

Published Dec 5, 2023 · Updated May 17, 2026
Why patch: risk explained in plain English
Worst-case scenario: if unpatched

A local attacker, without authentication, can cause full loss of data confidentiality, arbitrary modification of data, and complete denial of service or system unavailability. Federal agencies are required to remediate by 2023-12-26 under CISA BOD 22-01.

How the attack works: no clicks needed

This is a use of out-of-range pointer offset (CWE-823) vulnerability in multiple Qualcomm chipsets. Memory corruption occurs in Graphics while submitting a large list of sync points in an AUX command to the IOCTL_KGSL_GPU_AUX_COMMAND. Exploitation requires local access and has low attack complexity; it requires no authentication and no user interaction.

Am I affected? Quick check

Probably yes if any of these apply:

IT Security
Running ar8035 firmware: -; csra6620 firmware: -; csra6640 firmware: -; fastconnect 6200 firmware: -; fastconnect 6700 firmware: -; fastconnect 6800 firmware: -; fastconnect 6900 firmware: -; fastconnect 7800 firmware: -; flight rb5 5g platform firmware: -; qam8255p firmware: -; qam8295p firmware: -; qam8650p firmware: -; qam8775p firmware: -; qca6174a firmware: -; qca6391 firmware: -; qca6426 firmware: -; qca6436 firmware: -; qca6574 firmware: -; qca6574a firmware: -; qca6574au firmware: -; qca6595 firmware: -; qca6595au firmware: -; qca6696 firmware: -; qca6698aq firmware: -; qca6797aq firmware: -; qca8081 firmware: -; qca8337 firmware: -; qca9377 firmware: -; qcm2290 firmware: -; qcm4290 firmware: -; qcm4325 firmware: -; qcm4490 firmware: -; qcm5430 firmware: -; qcm6490 firmware: -; qcm8550 firmware: -; qcn6024 firmware: -; qcn9011 firmware: -; qcn9012 firmware: -; qcn9024 firmware: -; qcs2290 firmware: -; qcs410 firmware: -; qcs4290 firmware: -; qcs4490 firmware: -; qcs5430 firmware: -; qcs610 firmware: -; qcs6490 firmware: -; qcs7230 firmware: -; qcs8250 firmware: -; qcs8550 firmware: -; qrb5165m firmware: -; qrb5165n firmware: -; qualcomm 215 mobile platform firmware: -; video collaboration vc1 platform firmware: -; video collaboration vc3 platform firmware: -; video collaboration vc5 platform firmware: -; robotics rb5 platform firmware: -; sa4150p firmware: -; sa4155p firmware: -; sa6145p firmware: -; sa6150p firmware: -; sa6155p firmware: -; sa8145p firmware: -; sa8150p firmware: -; sa8155p firmware: -; sa8195p firmware: -; sa8255p firmware: -; sa8295p firmware: -; sa8770p firmware: -; sa8775p firmware: -; sa9000p firmware: -; sd 8 gen1 5g firmware: -; sd660 firmware: -; sd865 5g firmware: -; sd888 firmware: -; sg4150p firmware: -; sg8275p firmware: -; sm4125 firmware: -; sm7250p firmware: -; sm7315 firmware: -; sm7325p firmware: -; sm8550p firmware: -; smart audio 400 platform firmware: -; snapdragon 4 gen 1 mobile platform firmware: -; snapdragon 4 gen 2 mobile platform firmware: -; snapdragon 439 mobile platform firmware: -; snapdragon 460 mobile platform firmware: -; snapdragon 480 5g mobile platform firmware: -; snapdragon 480+ 5g mobile platform firmware: -; snapdragon 660 mobile platform firmware: -; snapdragon 662 mobile platform firmware: -; snapdragon 680 4g mobile platform firmware: -; snapdragon 685 4g mobile platform firmware: -; snapdragon 690 5g mobile platform firmware: -; snapdragon 695 5g mobile platform firmware: -; snapdragon 750g 5g mobile platform firmware: -; snapdragon 765 5g mobile platform firmware: -; snapdragon 765g 5g mobile platform firmware: -; snapdragon 768g 5g mobile platform firmware: -; snapdragon 778g 5g mobile platform firmware: -; snapdragon 778g+ 5g mobile platform firmware: -; snapdragon 780g 5g mobile platform firmware: -; snapdragon 782g mobile platform firmware: -; snapdragon 7c+ gen 3 compute firmware: -; snapdragon 8 gen 1 mobile platform firmware: -; snapdragon 8 gen 2 mobile platform firmware: -; snapdragon 8+ gen 1 mobile platform firmware: -; snapdragon 8+ gen 2 mobile platform firmware: -; snapdragon 865 5g mobile platform firmware: -; snapdragon 865+ 5g mobile platform firmware: -; snapdragon 870 5g mobile platform firmware: -; snapdragon 888 5g mobile platform firmware: -; snapdragon 888+ 5g mobile platform firmware: -; snapdragon ar2 gen 1 platform firmware: -; snapdragon auto 5g modem-rf firmware: -; snapdragon w5+ gen 1 wearable platform firmware: -; snapdragon x12 lte modem firmware: -; snapdragon x55 5g modem-rf system firmware: -; snapdragon x65 5g modem-rf system firmware: -; snapdragon xr2 5g platform firmware: -; snapdragon xr2+ gen 1 platform firmware: -; ssg2115p firmware: -; ssg2125p firmware: -; sw5100 firmware: -; sw5100p firmware: -; sxr1230p firmware: -; sxr2130 firmware: -; sxr2230p firmware: -; wcd9326 firmware: -; wcd9335 firmware: -; wcd9341 firmware: -; wcd9370 firmware: -; wcd9375 firmware: -; wcd9380 firmware: -; wcd9385 firmware: -; wcd9390 firmware: -; wcd9395 firmware: -; wcn3615 firmware: -; wcn3660b firmware: -; wcn3680b firmware: -; wcn3910 firmware: -; wcn3950 firmware: -; wcn3980 firmware: -; wcn3988 firmware: -; wcn3990 firmware: -; wcn6740 firmware: -; wsa8810 firmware: -; wsa8815 firmware: -; wsa8830 firmware: -; wsa8832 firmware: -; wsa8835 firmware: -; wsa8840 firmware: -; wsa8845 firmware: -; wsa8845h firmware: -
Real-world incidents: what we've seen

CISA added this CVE to the Known Exploited Vulnerabilities catalog on 2023-12-05 based on evidence of active exploitation in the wild. Federal agencies are required to remediate by 2023-12-26.

How to patch

Manual remediation steps

1. Identify affected hosts: query inventory for general installs in scope.
2. Apply the vendor security update referenced in CVE-2023-33106's advisory. No specific KB/version is encoded yet — consult the linked MSRC/vendor URL.
3. Verify the fix per the vendor's published verification steps.
4. Document the remediation in your change ticket and re-scan with your vulnerability scanner to confirm closure.
PowerShell automation: coming soon

No tested PowerShell script for this entry yet. We’re prioritising automation based on user demand.