CVE-2023-28577 | ByteOS Network

Vulnerability Details :

CVE-2023-28577

Assigner-qualcomm

Assigner Org ID-2cfc7d3e-20d3-47ac-8db7-1b7285aff15f

Published At-08 Aug, 2023 | 09:15

Updated At-02 Aug, 2024 | 13:43

Multiple Dmabuf Kernel Address UAF Vulnerability

In the function call related to CAM_REQ_MGR_RELEASE_BUF there is no check if the buffer is being used. So when a function called cam_mem_get_cpu_buf to get the kernel va to use, another thread can call CAM_REQ_MGR_RELEASE_BUF to unmap the kernel va which cause UAF of the kernel address.

EPSS History

Score

Latest Score

-

N/A

Percentile

Latest Percentile

-

N/A

▼Common Vulnerabilities and Exposures (CVE)

Assigner:qualcomm

Assigner Org ID:2cfc7d3e-20d3-47ac-8db7-1b7285aff15f

Published At:08 Aug, 2023 | 09:15

Updated At:02 Aug, 2024 | 13:43

▼CVE Numbering Authority (CNA)

Multiple Dmabuf Kernel Address UAF Vulnerability

In the function call related to CAM_REQ_MGR_RELEASE_BUF there is no check if the buffer is being used. So when a function called cam_mem_get_cpu_buf to get the kernel va to use, another thread can call CAM_REQ_MGR_RELEASE_BUF to unmap the kernel va which cause UAF of the kernel address.

Affected Products

Vendor

Qualcomm Technologies, Inc.

Product

Platforms

Snapdragon Compute
Snapdragon Consumer IOT
Snapdragon Industrial IOT
Snapdragon Mobile
Snapdragon Wearables

Default Status

unaffected

Versions

Affected

Problem Types

Type	CWE ID	Description
CWE	CWE-416	CWE-416 Use After Free

Type: CWE

CWE ID: CWE-416

Description: CWE-416 Use After Free

Metrics

Version	Base score	Base severity	Vector
3.1	6.7	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Version: 3.1

Base score: 6.7

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

References

Hyperlink	Resource
https://www.qualcomm.com/company/product-security/bulletins/august-2023-bulletin	N/A

Hyperlink: https://www.qualcomm.com/company/product-security/bulletins/august-2023-bulletin

Resource: N/A

▼Authorized Data Publishers (ADP)

1. CISA ADP Vulnrichment

Affected Products

Vendor

Qualcomm Technologies, Inc.

Product

fastconnect_6800_firmware

CPEs

cpe:2.3:o:qualcomm:fastconnect_6800_firmware:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 through * (custom)

Vendor

Qualcomm Technologies, Inc.

Product

fastconnect_6900_firmware

CPEs

cpe:2.3:o:qualcomm:fastconnect_6900_firmware:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 through * (custom)

Vendor

Qualcomm Technologies, Inc.

Product

fastconnect_7800_firmware

CPEs

cpe:2.3:o:qualcomm:fastconnect_7800_firmware:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 through * (custom)

Vendor

Qualcomm Technologies, Inc.

Product

qca6391_firmware

CPEs

cpe:2.3:o:qualcomm:qca6391_firmware:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 through * (custom)

Vendor

Qualcomm Technologies, Inc.

Product

qca6426_firmware

CPEs

cpe:2.3:o:qualcomm:qca6426_firmware:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 through * (custom)

Vendor

Qualcomm Technologies, Inc.

Product

qca6436_firmware

CPEs

cpe:2.3:o:qualcomm:qca6436_firmware:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 through * (custom)

Vendor

Qualcomm Technologies, Inc.

Product

qcn9074_firmware

CPEs

cpe:2.3:o:qualcomm:qcn9074_firmware:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 through * (custom)

Vendor

Qualcomm Technologies, Inc.

Product

qcs410_firmware

CPEs

cpe:2.3:o:qualcomm:qcs410_firmware:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 through * (custom)

Vendor

Qualcomm Technologies, Inc.

Product

qcs610_firmware

CPEs

cpe:2.3:o:qualcomm:qcs610_firmware:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 through * (custom)

Vendor

Qualcomm Technologies, Inc.

Product

sd865_5g_firmware

CPEs

cpe:2.3:o:qualcomm:sd865_5g_firmware:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 through * (custom)

Vendor

Qualcomm Technologies, Inc.

Product

snapdragon_8_gen_1_mobile_platform_firmware

CPEs

cpe:2.3:o:qualcomm:snapdragon_8_gen_1_mobile_platform_firmware:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 through * (custom)

Vendor

Qualcomm Technologies, Inc.

Product

snapdragon_865_5g_mobile_platform_firmware

CPEs

cpe:2.3:o:qualcomm:snapdragon_865_5g_mobile_platform_firmware:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 through * (custom)

Vendor

Qualcomm Technologies, Inc.

Product

snapdragon_x55_5g_modem-rf_system_firmware

CPEs

cpe:2.3:o:qualcomm:snapdragon_x55_5g_modem-rf_system_firmware:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 through * (custom)

Vendor

Qualcomm Technologies, Inc.

Product

snapdragon_xr2_5g_platform_firmware

CPEs

cpe:2.3:o:qualcomm:snapdragon_xr2_5g_platform_firmware:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 through * (custom)

Vendor

Qualcomm Technologies, Inc.

Product

sw5100_firmware

CPEs

cpe:2.3:o:qualcomm:sw5100_firmware:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 through * (custom)

Vendor

Qualcomm Technologies, Inc.

Product

sw5100p_firmware

CPEs

cpe:2.3:o:qualcomm:sw5100p_firmware:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 through * (custom)

Vendor

Qualcomm Technologies, Inc.

Product

sxr2130_firmware

CPEs

cpe:2.3:o:qualcomm:sxr2130_firmware:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 through * (custom)

Vendor

Qualcomm Technologies, Inc.

Product

wcd9341_firmware

CPEs

cpe:2.3:o:qualcomm:wcd9341_firmware:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 through * (custom)

Vendor

Qualcomm Technologies, Inc.

Product

wcd9370_firmware

CPEs

cpe:2.3:o:qualcomm:wcd9370_firmware:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 through * (custom)

Vendor

Qualcomm Technologies, Inc.

Product

wcd9380_firmware

CPEs

cpe:2.3:o:qualcomm:wcd9380_firmware:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 through * (custom)

Vendor

Qualcomm Technologies, Inc.

Product

wcn3660b_firmware

CPEs

cpe:2.3:o:qualcomm:wcn3660b_firmware:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 through * (custom)

Vendor

Qualcomm Technologies, Inc.

Product

wcn3680b_firmware

CPEs

cpe:2.3:o:qualcomm:wcn3680b_firmware:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 through * (custom)

Vendor

Qualcomm Technologies, Inc.

Product

wcn3950_firmware

CPEs

cpe:2.3:o:qualcomm:wcn3950_firmware:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 through * (custom)

Vendor

Qualcomm Technologies, Inc.

Product

wcn3980_firmware

CPEs

cpe:2.3:o:qualcomm:wcn3980_firmware:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 through * (custom)

Vendor

Qualcomm Technologies, Inc.

Product

wcn3988_firmware

CPEs

cpe:2.3:o:qualcomm:wcn3988_firmware:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 through * (custom)

Vendor

Qualcomm Technologies, Inc.

Product

wsa8810_firmware

CPEs

cpe:2.3:o:qualcomm:wsa8810_firmware:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 through * (custom)

Vendor

Qualcomm Technologies, Inc.

Product

wsa8815_firmware

CPEs

cpe:2.3:o:qualcomm:wsa8815_firmware:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 through * (custom)

Vendor

Qualcomm Technologies, Inc.

Product

wsa8830_firmware

CPEs

cpe:2.3:o:qualcomm:wsa8830_firmware:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 through * (custom)

Vendor

Qualcomm Technologies, Inc.

Product

wsa8835_firmware

CPEs

cpe:2.3:o:qualcomm:wsa8835_firmware:-:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 through * (custom)

Metrics Other Info

2. CVE Program Container

References

Hyperlink	Resource
https://www.qualcomm.com/company/product-security/bulletins/august-2023-bulletin	x_transferred

Hyperlink: https://www.qualcomm.com/company/product-security/bulletins/august-2023-bulletin

Resource:

x_transferred

▼National Vulnerability Database (NVD)

Source:product-security@qualcomm.com

Published At:08 Aug, 2023 | 10:15

Updated At:12 Apr, 2024 | 17:17

In the function call related to CAM_REQ_MGR_RELEASE_BUF there is no check if the buffer is being used. So when a function called cam_mem_get_cpu_buf to get the kernel va to use, another thread can call CAM_REQ_MGR_RELEASE_BUF to unmap the kernel va which cause UAF of the kernel address.

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	7.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Secondary	3.1	6.7	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Type: Primary

Version: 3.1

Base score: 7.8

Base severity: HIGH

Vector:

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Type: Secondary

Version: 3.1

Base score: 6.7

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CPE Matches

Qualcomm Technologies, Inc.

>>fastconnect_6800_firmware>>-

cpe:2.3:o:qualcomm:fastconnect_6800_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>fastconnect_6800>>-

cpe:2.3:h:qualcomm:fastconnect_6800:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>fastconnect_6900_firmware>>-

cpe:2.3:o:qualcomm:fastconnect_6900_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>fastconnect_6900>>-

cpe:2.3:h:qualcomm:fastconnect_6900:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>fastconnect_7800_firmware>>-

cpe:2.3:o:qualcomm:fastconnect_7800_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>fastconnect_7800>>-

cpe:2.3:h:qualcomm:fastconnect_7800:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>qca6391_firmware>>-

cpe:2.3:o:qualcomm:qca6391_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

cpe:2.3:h:qualcomm:qca6391:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>qca6426_firmware>>-

cpe:2.3:o:qualcomm:qca6426_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

cpe:2.3:h:qualcomm:qca6426:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>qca6436_firmware>>-

cpe:2.3:o:qualcomm:qca6436_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

cpe:2.3:h:qualcomm:qca6436:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>qcn9074_firmware>>-

cpe:2.3:o:qualcomm:qcn9074_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

cpe:2.3:h:qualcomm:qcn9074:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>qcs410_firmware>>-

cpe:2.3:o:qualcomm:qcs410_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

cpe:2.3:h:qualcomm:qcs410:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>qcs610_firmware>>-

cpe:2.3:o:qualcomm:qcs610_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

cpe:2.3:h:qualcomm:qcs610:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sd865_5g_firmware>>-

cpe:2.3:o:qualcomm:sd865_5g_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

cpe:2.3:h:qualcomm:sd865_5g:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>snapdragon_8_gen_1_firmware>>-

cpe:2.3:o:qualcomm:snapdragon_8_gen_1_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>snapdragon_8_gen_1>>-

cpe:2.3:h:qualcomm:snapdragon_8_gen_1:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>snapdragon_865_5g_firmware>>-

cpe:2.3:o:qualcomm:snapdragon_865_5g_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>snapdragon_865_5g>>-

cpe:2.3:h:qualcomm:snapdragon_865_5g:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>snapdragon_865\+_5g_firmware>>-

cpe:2.3:o:qualcomm:snapdragon_865\+_5g_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>snapdragon_865\+_5g>>-

cpe:2.3:h:qualcomm:snapdragon_865\+_5g:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>snapdragon_870_5g_firmware>>-

cpe:2.3:o:qualcomm:snapdragon_870_5g_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>snapdragon_870_5g>>-

cpe:2.3:h:qualcomm:snapdragon_870_5g:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>snapdragon_x55_5g_firmware>>-

cpe:2.3:o:qualcomm:snapdragon_x55_5g_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>snapdragon_x55_5g>>-

cpe:2.3:h:qualcomm:snapdragon_x55_5g:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>snapdragon_xr2_5g_firmware>>-

cpe:2.3:o:qualcomm:snapdragon_xr2_5g_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>snapdragon_xr2_5g>>-

cpe:2.3:h:qualcomm:snapdragon_xr2_5g:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sw5100_firmware>>-

cpe:2.3:o:qualcomm:sw5100_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

cpe:2.3:h:qualcomm:sw5100:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sw5100p_firmware>>-

cpe:2.3:o:qualcomm:sw5100p_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

cpe:2.3:h:qualcomm:sw5100p:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sxr2130_firmware>>-

cpe:2.3:o:qualcomm:sxr2130_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

cpe:2.3:h:qualcomm:sxr2130:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>wcd9341_firmware>>-

cpe:2.3:o:qualcomm:wcd9341_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

cpe:2.3:h:qualcomm:wcd9341:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>wcd9370_firmware>>-

cpe:2.3:o:qualcomm:wcd9370_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

cpe:2.3:h:qualcomm:wcd9370:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>wcd9380_firmware>>-

cpe:2.3:o:qualcomm:wcd9380_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

cpe:2.3:h:qualcomm:wcd9380:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>wcn3660b_firmware>>-

cpe:2.3:o:qualcomm:wcn3660b_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

cpe:2.3:h:qualcomm:wcn3660b:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>wcn3680b_firmware>>-

cpe:2.3:o:qualcomm:wcn3680b_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

cpe:2.3:h:qualcomm:wcn3680b:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>wcn3950_firmware>>-

cpe:2.3:o:qualcomm:wcn3950_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

cpe:2.3:h:qualcomm:wcn3950:-:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-416	Primary	nvd@nist.gov
CWE-416	Secondary	product-security@qualcomm.com

CWE ID: CWE-416

Type: Primary

Source: nvd@nist.gov

CWE ID: CWE-416

Type: Secondary

Source: product-security@qualcomm.com

References

Hyperlink	Source	Resource
https://www.qualcomm.com/company/product-security/bulletins/august-2023-bulletin	product-security@qualcomm.com	Patch Vendor Advisory

Hyperlink: https://www.qualcomm.com/company/product-security/bulletins/august-2023-bulletin

Source: product-security@qualcomm.com

Resource:

Patch

Vendor Advisory