← back
CVE-2023-33063

Use After Free in DSP Services

CVSS 7.8 HIGHEPSS 0.7%● KEVCWE-416
In short

A memory error in DSP Services allows an attacker to exploit freed memory when HLOS (High-Level Operating System) communicates with the DSP processor, potentially crashing the system or executing unintended code.

Technical detail

Use-after-free vulnerability in DSP Services triggered via remote procedure calls from HLOS to DSP; requires ability to initiate IPC communication and results in memory corruption that may lead to denial of service or code execution in the DSP context.

Summary generated and translated by AI from the official description.
Memory corruption in DSP Services during a remote call from HLOS to DSP.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
Qualcomm, Inc. · Snapdragon

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-33063https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin