CVE-2023-33110
📋 TL;DR
This CVE describes a race condition vulnerability in Qualcomm's PCM host voice audio driver where improper session index handling during event callbacks and PCM close operations can lead to memory corruption. The vulnerability affects devices using Qualcomm audio components and could allow attackers to execute arbitrary code or cause system crashes. This primarily impacts Android devices and other embedded systems with Qualcomm chipsets.
💻 Affected Systems
- Qualcomm audio components
- Android devices with Qualcomm chipsets
- Embedded systems using Qualcomm audio drivers
📦 What is this software?
Snapdragon 425 Mobile Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 425 Mobile Platform Firmware →
Snapdragon 427 Mobile Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 427 Mobile Platform Firmware →
Snapdragon 429 Mobile Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 429 Mobile Platform Firmware →
Snapdragon 430 Mobile Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 430 Mobile Platform Firmware →
Snapdragon 435 Mobile Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 435 Mobile Platform Firmware →
Snapdragon 439 Mobile Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 439 Mobile Platform Firmware →
Snapdragon 450 Mobile Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 450 Mobile Platform Firmware →
Snapdragon 460 Mobile Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 460 Mobile Platform Firmware →
Snapdragon 480 5g Mobile Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 480 5g Mobile Platform Firmware →
Snapdragon 480 5g Mobile Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 480 5g Mobile Platform Firmware →
Snapdragon 625 Mobile Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 625 Mobile Platform Firmware →
Snapdragon 626 Mobile Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 626 Mobile Platform Firmware →
Snapdragon 630 Mobile Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 630 Mobile Platform Firmware →
Snapdragon 632 Mobile Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 632 Mobile Platform Firmware →
Snapdragon 636 Mobile Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 636 Mobile Platform Firmware →
Snapdragon 660 Mobile Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 660 Mobile Platform Firmware →
Snapdragon 662 Mobile Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 662 Mobile Platform Firmware →
Snapdragon 665 Mobile Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 665 Mobile Platform Firmware →
Snapdragon 670 Mobile Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 670 Mobile Platform Firmware →
Snapdragon 675 Mobile Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 675 Mobile Platform Firmware →
Snapdragon 678 Mobile Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 678 Mobile Platform Firmware →
Snapdragon 680 4g Mobile Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 680 4g Mobile Platform Firmware →
Snapdragon 685 4g Mobile Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 685 4g Mobile Platform Firmware →
Snapdragon 690 5g Mobile Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 690 5g Mobile Platform Firmware →
Snapdragon 695 5g Mobile Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 695 5g Mobile Platform Firmware →
Snapdragon 710 Mobile Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 710 Mobile Platform Firmware →
Snapdragon 712 Mobile Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 712 Mobile Platform Firmware →
Snapdragon 720g Mobile Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 720g Mobile Platform Firmware →
Snapdragon 730 Mobile Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 730 Mobile Platform Firmware →
Snapdragon 730g Mobile Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 730g Mobile Platform Firmware →
Snapdragon 732g Mobile Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 732g Mobile Platform Firmware →
Snapdragon 750g 5g Mobile Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 750g 5g Mobile Platform Firmware →
Snapdragon 765 5g Mobile Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 765 5g Mobile Platform Firmware →
Snapdragon 765g 5g Mobile Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 765g 5g Mobile Platform Firmware →
Snapdragon 768g 5g Mobile Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 768g 5g Mobile Platform Firmware →
Snapdragon 778g 5g Mobile Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 778g 5g Mobile Platform Firmware →
Snapdragon 778g 5g Mobile Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 778g 5g Mobile Platform Firmware →
Snapdragon 780g 5g Mobile Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 780g 5g Mobile Platform Firmware →
Snapdragon 782g Mobile Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 782g Mobile Platform Firmware →
Snapdragon 7c Compute Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 7c Compute Platform Firmware →
Snapdragon 7c Gen 2 Compute Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 7c Gen 2 Compute Platform Firmware →
Snapdragon 7c\+ Gen 3 Compute Firmware by Qualcomm
View all CVEs affecting Snapdragon 7c\+ Gen 3 Compute Firmware →
Snapdragon 8 Gen 1 Mobile Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 8 Gen 1 Mobile Platform Firmware →
Snapdragon 8 Gen 1 Mobile Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 8 Gen 1 Mobile Platform Firmware →
Snapdragon 820 Automotive Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 820 Automotive Platform Firmware →
Snapdragon 820 Mobile Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 820 Mobile Platform Firmware →
Snapdragon 821 Mobile Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 821 Mobile Platform Firmware →
Snapdragon 835 Mobile Pc Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 835 Mobile Pc Platform Firmware →
Snapdragon 845 Mobile Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 845 Mobile Platform Firmware →
Snapdragon 850 Mobile Compute Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 850 Mobile Compute Platform Firmware →
Snapdragon 855 Mobile Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 855 Mobile Platform Firmware →
Snapdragon 855\+\/860 Mobile Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 855\+\/860 Mobile Platform Firmware →
Snapdragon 865 5g Mobile Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 865 5g Mobile Platform Firmware →
Snapdragon 865 5g Mobile Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 865 5g Mobile Platform Firmware →
Snapdragon 870 5g Mobile Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 870 5g Mobile Platform Firmware →
Snapdragon 888 5g Mobile Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 888 5g Mobile Platform Firmware →
Snapdragon 888 5g Mobile Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 888 5g Mobile Platform Firmware →
Snapdragon 8c Compute Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 8c Compute Platform Firmware →
Snapdragon 8c Compute Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 8c Compute Platform Firmware →
Snapdragon 8cx Compute Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 8cx Compute Platform Firmware →
Snapdragon 8cx Compute Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 8cx Compute Platform Firmware →
Snapdragon 8cx Gen 2 5g Compute Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 8cx Gen 2 5g Compute Platform Firmware →
Snapdragon 8cx Gen 2 5g Compute Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 8cx Gen 2 5g Compute Platform Firmware →
Snapdragon 8cx Gen 3 Compute Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon 8cx Gen 3 Compute Platform Firmware →
Snapdragon Ar2 Gen 1 Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon Ar2 Gen 1 Platform Firmware →
Snapdragon Auto 4g Modem Firmware by Qualcomm
Snapdragon Auto 5g Modem Rf Firmware by Qualcomm
View all CVEs affecting Snapdragon Auto 5g Modem Rf Firmware →
Snapdragon W5\+ Gen 1 Wearable Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon W5\+ Gen 1 Wearable Platform Firmware →
Snapdragon Wear 1300 Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon Wear 1300 Platform Firmware →
Snapdragon Wear 2100 Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon Wear 2100 Platform Firmware →
Snapdragon Wear 2500 Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon Wear 2500 Platform Firmware →
Snapdragon Wear 3100 Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon Wear 3100 Platform Firmware →
Snapdragon Wear 4100\+ Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon Wear 4100\+ Platform Firmware →
Snapdragon X12 Lte Modem Firmware by Qualcomm
Snapdragon X24 Lte Modem Firmware by Qualcomm
Snapdragon X5 Lte Modem Firmware by Qualcomm
Snapdragon X50 5g Modem Rf System Firmware by Qualcomm
View all CVEs affecting Snapdragon X50 5g Modem Rf System Firmware →
Snapdragon X55 5g Modem Rf System Firmware by Qualcomm
View all CVEs affecting Snapdragon X55 5g Modem Rf System Firmware →
Snapdragon X65 5g Modem Rf System Firmware by Qualcomm
View all CVEs affecting Snapdragon X65 5g Modem Rf System Firmware →
Snapdragon X70 Modem Rf System Firmware by Qualcomm
View all CVEs affecting Snapdragon X70 Modem Rf System Firmware →
Snapdragon Xr1 Platform Firmware by Qualcomm
Snapdragon Xr2 5g Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon Xr2 5g Platform Firmware →
Snapdragon Xr2\+ Gen 1 Platform Firmware by Qualcomm
View all CVEs affecting Snapdragon Xr2\+ Gen 1 Platform Firmware →
Vision Intelligence 100 Platform Firmware by Qualcomm
View all CVEs affecting Vision Intelligence 100 Platform Firmware →
Vision Intelligence 200 Platform Firmware by Qualcomm
View all CVEs affecting Vision Intelligence 200 Platform Firmware →
Vision Intelligence 300 Platform Firmware by Qualcomm
View all CVEs affecting Vision Intelligence 300 Platform Firmware →
⚠️ Risk & Real-World Impact
Worst Case
Successful exploitation could lead to arbitrary code execution with kernel privileges, potentially resulting in complete device compromise, data theft, or persistent backdoor installation.
Likely Case
Most probable impact is denial of service through system crashes or audio subsystem instability, though local privilege escalation is possible with sophisticated exploitation.
If Mitigated
With proper security controls like SELinux/AppArmor and kernel hardening, impact may be limited to denial of service or contained within sandboxed environments.
🎯 Exploit Status
Exploitation requires precise timing to trigger race condition and knowledge of memory layout; likely requires local access and audio subsystem permissions.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Patches included in January 2024 Qualcomm security bulletin
Vendor Advisory: https://www.qualcomm.com/company/product-security/bulletins/january-2024-bulletin
Restart Required: Yes
Instructions:
1. Check device manufacturer for security updates. 2. Apply January 2024 or later Qualcomm security patches. 3. Update Android security patch level to January 2024 or later. 4. Reboot device after update.
🔧 Temporary Workarounds
Restrict audio subsystem access
linuxLimit which applications and users can access audio APIs and drivers
Disable unnecessary audio features
allDisable voice processing or advanced audio features if not required
🧯 If You Can't Patch
- Implement strict application sandboxing and privilege separation
- Monitor for abnormal audio subsystem behavior or crashes
🔍 How to Verify
Check if Vulnerable:
Check Android security patch level (Settings > About phone > Android security patch level) - if before January 2024, likely vulnerable. Check Qualcomm driver versions if accessible.Check Version:
On Android: adb shell getprop ro.build.version.security_patchVerify Fix Applied:
Verify Android security patch level is January 2024 or later. Check with device manufacturer for specific patch verification.📡 Detection & Monitoring
Log Indicators:
- Kernel panics or crashes related to audio drivers
- Audio subsystem error messages
- Permission denied errors for audio device access
Network Indicators:
- No direct network indicators - this is a local vulnerability
SIEM Query:
Search for: 'audio driver crash' OR 'PCM' AND 'kernel panic' OR 'segmentation fault' in system logs