Lucene search
HistoryAug 08, 2023 - 10:15 a.m.
CVE-2023-28577
cve
2023
28577
function call
buffer
uaf
kernel address
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.5 High
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.0%
In the function call related to CAM_REQ_MGR_RELEASE_BUF there is no check if the buffer is being used. So when a function called cam_mem_get_cpu_buf to get the kernel va to use, another thread can call CAM_REQ_MGR_RELEASE_BUF to unmap the kernel va which cause UAF of the kernel address.
Affected configurations
Node
qualcommfastconnect_6800_firmwareMatch-
qualcommfastconnect_6800Match-
Node
qualcommfastconnect_6900_firmwareMatch-
qualcommfastconnect_6900Match-
Node
qualcommfastconnect_7800_firmwareMatch-
qualcommfastconnect_7800Match-
Node
qualcommqca6391_firmwareMatch-
qualcommqca6391Match-
Node
qualcommqca6426_firmwareMatch-
qualcommqca6426Match-
Node
qualcommqca6436_firmwareMatch-
qualcommqca6436Match-
Node
qualcommqcn9074_firmwareMatch-
qualcommqcn9074Match-
Node
qualcommqcs410_firmwareMatch-
qualcommqcs410Match-
Node
qualcommqcs610_firmwareMatch-
qualcommqcs610Match-
Node
qualcommsd865_5g_firmwareMatch-
qualcommsd865_5gMatch-
Node
qualcommsnapdragon_8_gen_1_firmwareMatch-
qualcommsnapdragon_8_gen_1Match-
Node
qualcommsnapdragon_865_5g_firmwareMatch-
qualcommsnapdragon_865_5gMatch-
Node
qualcommsnapdragon_865\+_5g_firmwareMatch-
qualcommsnapdragon_865\+_5gMatch-
Node
qualcommsnapdragon_870_5g_firmwareMatch-
qualcommsnapdragon_870_5gMatch-
Node
qualcommsnapdragon_x55_5g_firmwareMatch-
qualcommsnapdragon_x55_5gMatch-
Node
qualcommsnapdragon_xr2_5g_firmwareMatch-
qualcommsnapdragon_xr2_5gMatch-
Node
qualcommsw5100_firmwareMatch-
qualcommsw5100Match-
Node
qualcommsw5100p_firmwareMatch-
qualcommsw5100pMatch-
Node
qualcommsxr2130_firmwareMatch-
qualcommsxr2130Match-
Node
qualcommwcd9341_firmwareMatch-
qualcommwcd9341Match-
Node
qualcommwcd9370_firmwareMatch-
qualcommwcd9370Match-
Node
qualcommwcd9380_firmwareMatch-
qualcommwcd9380Match-
Node
qualcommwcn3660b_firmwareMatch-
qualcommwcn3660bMatch-
Node
qualcommwcn3680b_firmwareMatch-
qualcommwcn3680bMatch-
Node
qualcommwcn3950_firmwareMatch-
qualcommwcn3950Match-
Node
qualcommwcn3980_firmwareMatch-
qualcommwcn3980Match-
Node
qualcommwcn3988_firmwareMatch-
qualcommwcn3988Match-
Node
qualcommwsa8810_firmwareMatch-
qualcommwsa8810Match-
Node
qualcommwsa8815_firmwareMatch-
qualcommwsa8815Match-
Node
qualcommwsa8830_firmwareMatch-
qualcommwsa8830Match-
Node
qualcommwsa8835_firmwareMatch-
qualcommwsa8835Match-
| CPE | Name | Operator | Version |
|---|---|---|---|
| qualcomm:fastconnect_6800_firmware | qualcomm fastconnect 6800 firmware | eq | - |
CNA Affected
[
{
"defaultStatus": "unaffected",
"platforms": [
"Snapdragon Compute",
"Snapdragon Consumer IOT",
"Snapdragon Industrial IOT",
"Snapdragon Mobile",
"Snapdragon Wearables"
],
"product": "Snapdragon",
"vendor": "Qualcomm, Inc.",
"versions": [
{
"status": "affected",
"version": "FastConnect 6800"
},
{
"status": "affected",
"version": "FastConnect 6900"
},
{
"status": "affected",
"version": "FastConnect 7800"
},
{
"status": "affected",
"version": "QCA6391"
},
{
"status": "affected",
"version": "QCA6426"
},
{
"status": "affected",
"version": "QCA6436"
},
{
"status": "affected",
"version": "QCN9074"
},
{
"status": "affected",
"version": "QCS410"
},
{
"status": "affected",
"version": "QCS610"
},
{
"status": "affected",
"version": "SD865 5G"
},
{
"status": "affected",
"version": "Snapdragon 8 Gen 1 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 865 5G Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 865+ 5G Mobile Platform (SM8250-AB)"
},
{
"status": "affected",
"version": "Snapdragon 870 5G Mobile Platform (SM8250-AC)"
},
{
"status": "affected",
"version": "Snapdragon X55 5G Modem-RF System"
},
{
"status": "affected",
"version": "Snapdragon XR2 5G Platform"
},
{
"status": "affected",
"version": "SW5100"
},
{
"status": "affected",
"version": "SW5100P"
},
{
"status": "affected",
"version": "SXR2130"
},
{
"status": "affected",
"version": "WCD9341"
},
{
"status": "affected",
"version": "WCD9370"
},
{
"status": "affected",
"version": "WCD9380"
},
{
"status": "affected",
"version": "WCN3660B"
},
{
"status": "affected",
"version": "WCN3680B"
},
{
"status": "affected",
"version": "WCN3950"
},
{
"status": "affected",
"version": "WCN3980"
},
{
"status": "affected",
"version": "WCN3988"
},
{
"status": "affected",
"version": "WSA8810"
},
{
"status": "affected",
"version": "WSA8815"
},
{
"status": "affected",
"version": "WSA8830"
},
{
"status": "affected",
"version": "WSA8835"
}
]
}
]Related
cvelist
cvelist
CVE-2023-28577 Multiple Dmabuf Kernel Address UAF Vulnerability
2023-08-08 09:15:07
prion
prion
Design/Logic Flaw
2023-08-08 10:15:00
nvd
nvd
CVE-2023-28577
2023-08-08 10:15:14
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.5 High
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.0%
Related for CVE-2023-28577