In the function call related to CAM_REQ_MGR_RELEASE_BUF there is no check if the buffer is being used. So when a function called cam_mem_get_cpu_buf to get the kernel va to use, another thread can call CAM_REQ_MGR_RELEASE_BUF to unmap the kernel va which cause UAF of the kernel address.
References
| Link | Resource |
|---|---|
| https://www.qualcomm.com/company/product-security/bulletins/august-2023-bulletin | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
| AND |
|
Configuration 2 (hide)
| AND |
|
Configuration 3 (hide)
| AND |
|
Configuration 4 (hide)
| AND |
|
Configuration 5 (hide)
| AND |
|
Configuration 6 (hide)
| AND |
|
Configuration 7 (hide)
| AND |
|
Configuration 8 (hide)
| AND |
|
Configuration 9 (hide)
| AND |
|
Configuration 10 (hide)
| AND |
|
Configuration 11 (hide)
| AND |
|
Configuration 12 (hide)
| AND |
|
Configuration 13 (hide)
| AND |
|
Configuration 14 (hide)
| AND |
|
Configuration 15 (hide)
| AND |
|
Configuration 16 (hide)
| AND |
|
Configuration 17 (hide)
| AND |
|
Configuration 18 (hide)
| AND |
|
Configuration 19 (hide)
| AND |
|
Configuration 20 (hide)
| AND |
|
Configuration 21 (hide)
| AND |
|
Configuration 22 (hide)
| AND |
|
Configuration 23 (hide)
| AND |
|
Configuration 24 (hide)
| AND |
|
Configuration 25 (hide)
| AND |
|
Configuration 26 (hide)
| AND |
|
Configuration 27 (hide)
| AND |
|
Configuration 28 (hide)
| AND |
|
Configuration 29 (hide)
| AND |
|
Configuration 30 (hide)
| AND |
|
Configuration 31 (hide)
| AND |
|
History
15 Aug 2023, 13:43
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:h:qualcomm:snapdragon_8_gen_1:-:*:*:*:*:*:*:* cpe:2.3:h:qualcomm:snapdragon_870_5g:-:*:*:*:*:*:*:* cpe:2.3:o:qualcomm:snapdragon_x55_5g_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:qualcomm:sw5100p_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:qualcomm:wsa8830:-:*:*:*:*:*:*:* cpe:2.3:o:qualcomm:qca6426_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:qualcomm:wcd9370_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:qualcomm:qcs410_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:qualcomm:sw5100_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:qualcomm:qca6436_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:qualcomm:wcn3680b:-:*:*:*:*:*:*:* cpe:2.3:h:qualcomm:wcn3660b:-:*:*:*:*:*:*:* cpe:2.3:o:qualcomm:wcn3980_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:qualcomm:wcn3988_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:qualcomm:wsa8835_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:qualcomm:wcn3950_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:qualcomm:qca6426:-:*:*:*:*:*:*:* cpe:2.3:o:qualcomm:snapdragon_865\+_5g_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:qualcomm:sxr2130_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:qualcomm:qca6391:-:*:*:*:*:*:*:* cpe:2.3:h:qualcomm:sw5100p:-:*:*:*:*:*:*:* cpe:2.3:o:qualcomm:wsa8810_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:qualcomm:snapdragon_870_5g_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:qualcomm:qcn9074_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:qualcomm:wcd9380_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:qualcomm:wsa8815_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:qualcomm:qcs610:-:*:*:*:*:*:*:* cpe:2.3:h:qualcomm:sd865_5g:-:*:*:*:*:*:*:* cpe:2.3:h:qualcomm:snapdragon_x55_5g:-:*:*:*:*:*:*:* cpe:2.3:h:qualcomm:fastconnect_7800:-:*:*:*:*:*:*:* cpe:2.3:h:qualcomm:wcd9370:-:*:*:*:*:*:*:* cpe:2.3:h:qualcomm:wcn3950:-:*:*:*:*:*:*:* cpe:2.3:h:qualcomm:wsa8815:-:*:*:*:*:*:*:* cpe:2.3:o:qualcomm:wsa8830_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:qualcomm:qcs410:-:*:*:*:*:*:*:* cpe:2.3:o:qualcomm:wcd9341_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:qualcomm:wcn3988:-:*:*:*:*:*:*:* cpe:2.3:h:qualcomm:wcd9341:-:*:*:*:*:*:*:* cpe:2.3:h:qualcomm:fastconnect_6900:-:*:*:*:*:*:*:* cpe:2.3:o:qualcomm:snapdragon_xr2_5g_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:qualcomm:wcd9380:-:*:*:*:*:*:*:* cpe:2.3:h:qualcomm:wcn3980:-:*:*:*:*:*:*:* cpe:2.3:o:qualcomm:sd865_5g_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:qualcomm:sxr2130:-:*:*:*:*:*:*:* cpe:2.3:o:qualcomm:qcs610_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:qualcomm:fastconnect_6800_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:qualcomm:fastconnect_7800_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:qualcomm:snapdragon_865_5g:-:*:*:*:*:*:*:* cpe:2.3:h:qualcomm:qca6436:-:*:*:*:*:*:*:* cpe:2.3:o:qualcomm:wcn3660b_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:qualcomm:snapdragon_865\+_5g:-:*:*:*:*:*:*:* cpe:2.3:o:qualcomm:qca6391_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:qualcomm:snapdragon_8_gen_1_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:qualcomm:snapdragon_xr2_5g:-:*:*:*:*:*:*:* cpe:2.3:h:qualcomm:fastconnect_6800:-:*:*:*:*:*:*:* cpe:2.3:o:qualcomm:wcn3680b_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:qualcomm:wsa8810:-:*:*:*:*:*:*:* cpe:2.3:h:qualcomm:sw5100:-:*:*:*:*:*:*:* cpe:2.3:h:qualcomm:wsa8835:-:*:*:*:*:*:*:* cpe:2.3:o:qualcomm:snapdragon_865_5g_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:qualcomm:qcn9074:-:*:*:*:*:*:*:* cpe:2.3:o:qualcomm:fastconnect_6900_firmware:-:*:*:*:*:*:*:* |
|
| References | (MISC) https://www.qualcomm.com/company/product-security/bulletins/august-2023-bulletin - Patch, Vendor Advisory | |
| First Time |
Qualcomm wcn3988
Qualcomm qcs410 Firmware Qualcomm snapdragon 8 Gen 1 Qualcomm wcn3680b Firmware Qualcomm wcd9370 Firmware Qualcomm wcn3980 Qualcomm fastconnect 6800 Qualcomm sd865 5g Firmware Qualcomm qca6391 Firmware Qualcomm wsa8830 Qualcomm wsa8810 Firmware Qualcomm snapdragon 8 Gen 1 Firmware Qualcomm snapdragon X55 5g Firmware Qualcomm qcs610 Qualcomm wcd9380 Firmware Qualcomm qcn9074 Qualcomm sw5100p Qualcomm wsa8815 Qualcomm sw5100 Qualcomm fastconnect 7800 Firmware Qualcomm qca6436 Qualcomm snapdragon 870 5g Firmware Qualcomm wsa8810 Qualcomm snapdragon Xr2 5g Qualcomm fastconnect 6800 Firmware Qualcomm wcn3950 Qualcomm fastconnect 6900 Qualcomm wcn3660b Qualcomm qcs610 Firmware Qualcomm wcn3988 Firmware Qualcomm sw5100 Firmware Qualcomm qca6426 Qualcomm fastconnect 6900 Firmware Qualcomm snapdragon 870 5g Qualcomm wcd9341 Qualcomm sxr2130 Firmware Qualcomm Qualcomm qcs410 Qualcomm qca6391 Qualcomm snapdragon Xr2 5g Firmware Qualcomm snapdragon X55 5g Qualcomm sd865 5g Qualcomm snapdragon 865 5g Qualcomm wcn3680b Qualcomm snapdragon 865\+ 5g Firmware Qualcomm snapdragon 865\+ 5g Qualcomm wsa8830 Firmware Qualcomm fastconnect 7800 Qualcomm wsa8835 Firmware Qualcomm wcd9341 Firmware Qualcomm wcn3980 Firmware Qualcomm sw5100p Firmware Qualcomm wcd9380 Qualcomm snapdragon 865 5g Firmware Qualcomm wsa8815 Firmware Qualcomm sxr2130 Qualcomm wcn3660b Firmware Qualcomm qcn9074 Firmware Qualcomm wsa8835 Qualcomm qca6436 Firmware Qualcomm wcn3950 Firmware Qualcomm qca6426 Firmware Qualcomm wcd9370 |
|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.8 |
| CWE | CWE-416 |
08 Aug 2023, 10:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-08-08 10:15
Updated : 2024-04-12 17:17
NVD link : CVE-2023-28577
Mitre link : CVE-2023-28577
JSON object : View
Products Affected
qualcomm
- sw5100_firmware
- qcs410_firmware
- snapdragon_865\+_5g_firmware
- sxr2130_firmware
- wcd9380_firmware
- snapdragon_x55_5g
- wcn3680b_firmware
- wsa8810
- fastconnect_7800_firmware
- fastconnect_6900_firmware
- snapdragon_865_5g_firmware
- wcn3950_firmware
- qca6436
- qcn9074_firmware
- sd865_5g
- sw5100
- snapdragon_8_gen_1
- sw5100p
- sd865_5g_firmware
- snapdragon_870_5g_firmware
- wcn3988
- wcn3660b
- qca6391
- qca6391_firmware
- qcs610_firmware
- wsa8815
- snapdragon_870_5g
- qca6426
- wsa8835
- wcd9370
- wcn3988_firmware
- snapdragon_865_5g
- snapdragon_8_gen_1_firmware
- sw5100p_firmware
- qcs410
- fastconnect_6800
- fastconnect_6800_firmware
- snapdragon_865\+_5g
- snapdragon_xr2_5g
- fastconnect_6900
- wcd9341_firmware
- wcn3680b
- qcs610
- snapdragon_x55_5g_firmware
- wcn3660b_firmware
- wcd9370_firmware
- wsa8810_firmware
- wsa8830_firmware
- wcn3950
- snapdragon_xr2_5g_firmware
- sxr2130
- qcn9074
- wsa8830
- wcn3980_firmware
- fastconnect_7800
- qca6436_firmware
- wsa8835_firmware
- wcd9380
- wsa8815_firmware
- wcn3980
- wcd9341
- qca6426_firmware
CWE
CWE-416
Use After Free