In the function call related to CAM_REQ_MGR_RELEASE_BUF there is no check if the buffer is being used. So when a function called cam_mem_get_cpu_buf to get the kernel va to use, another thread can call CAM_REQ_MGR_RELEASE_BUF to unmap the kernel va which cause UAF of the kernel address.
References
| Link | Resource |
|---|---|
| https://www.qualcomm.com/company/product-security/bulletins/august-2023-bulletin | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
| AND |
|
Configuration 2 (hide)
| AND |
|
Configuration 3 (hide)
| AND |
|
Configuration 4 (hide)
| AND |
|
Configuration 5 (hide)
| AND |
|
Configuration 6 (hide)
| AND |
|
Configuration 7 (hide)
| AND |
|
Configuration 8 (hide)
| AND |
|
Configuration 9 (hide)
| AND |
|
Configuration 10 (hide)
| AND |
|
Configuration 11 (hide)
| AND |
|
Configuration 12 (hide)
| AND |
|
Configuration 13 (hide)
| AND |
|
Configuration 14 (hide)
| AND |
|
Configuration 15 (hide)
| AND |
|
Configuration 16 (hide)
| AND |
|
Configuration 17 (hide)
| AND |
|
Configuration 18 (hide)
| AND |
|
Configuration 19 (hide)
| AND |
|
Configuration 20 (hide)
| AND |
|
Configuration 21 (hide)
| AND |
|
Configuration 22 (hide)
| AND |
|
Configuration 23 (hide)
| AND |
|
Configuration 24 (hide)
| AND |
|
Configuration 25 (hide)
| AND |
|
Configuration 26 (hide)
| AND |
|
Configuration 27 (hide)
| AND |
|
Configuration 28 (hide)
| AND |
|
Configuration 29 (hide)
| AND |
|
Configuration 30 (hide)
| AND |
|
Configuration 31 (hide)
| AND |
|
History
15 Aug 2023, 13:43
| Type | Values Removed | Values Added |
|---|---|---|
| CWE | CWE-416 | |
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.8 |
| References | (MISC) https://www.qualcomm.com/company/product-security/bulletins/august-2023-bulletin - Patch, Vendor Advisory | |
| CPE | cpe:2.3:h:qualcomm:fastconnect_6900:-:*:*:*:*:*:*:* cpe:2.3:h:qualcomm:wcd9370:-:*:*:*:*:*:*:* cpe:2.3:h:qualcomm:snapdragon_xr2_5g:-:*:*:*:*:*:*:* cpe:2.3:o:qualcomm:wsa8815_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:qualcomm:snapdragon_xr2_5g_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:qualcomm:snapdragon_870_5g_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:qualcomm:sd865_5g:-:*:*:*:*:*:*:* cpe:2.3:h:qualcomm:snapdragon_x55_5g:-:*:*:*:*:*:*:* cpe:2.3:h:qualcomm:wsa8810:-:*:*:*:*:*:*:* cpe:2.3:o:qualcomm:wsa8830_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:qualcomm:sd865_5g_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:qualcomm:wsa8835:-:*:*:*:*:*:*:* cpe:2.3:h:qualcomm:wcn3980:-:*:*:*:*:*:*:* cpe:2.3:o:qualcomm:wsa8810_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:qualcomm:qca6391_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:qualcomm:wsa8830:-:*:*:*:*:*:*:* cpe:2.3:h:qualcomm:qcs410:-:*:*:*:*:*:*:* cpe:2.3:o:qualcomm:qcs610_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:qualcomm:wcd9380:-:*:*:*:*:*:*:* cpe:2.3:h:qualcomm:qcn9074:-:*:*:*:*:*:*:* cpe:2.3:h:qualcomm:snapdragon_865\+_5g:-:*:*:*:*:*:*:* cpe:2.3:o:qualcomm:qcn9074_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:qualcomm:sxr2130:-:*:*:*:*:*:*:* cpe:2.3:o:qualcomm:wcd9341_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:qualcomm:wcn3980_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:qualcomm:fastconnect_6800:-:*:*:*:*:*:*:* cpe:2.3:h:qualcomm:qcs610:-:*:*:*:*:*:*:* cpe:2.3:o:qualcomm:wcd9380_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:qualcomm:qca6436:-:*:*:*:*:*:*:* cpe:2.3:h:qualcomm:wsa8815:-:*:*:*:*:*:*:* cpe:2.3:o:qualcomm:sw5100p_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:qualcomm:snapdragon_865_5g_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:qualcomm:qca6436_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:qualcomm:snapdragon_865_5g:-:*:*:*:*:*:*:* cpe:2.3:h:qualcomm:fastconnect_7800:-:*:*:*:*:*:*:* cpe:2.3:o:qualcomm:wcn3680b_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:qualcomm:qca6426:-:*:*:*:*:*:*:* cpe:2.3:h:qualcomm:wcd9341:-:*:*:*:*:*:*:* cpe:2.3:o:qualcomm:wcn3988_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:qualcomm:qca6391:-:*:*:*:*:*:*:* cpe:2.3:h:qualcomm:wcn3680b:-:*:*:*:*:*:*:* cpe:2.3:h:qualcomm:snapdragon_8_gen_1:-:*:*:*:*:*:*:* cpe:2.3:o:qualcomm:snapdragon_x55_5g_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:qualcomm:qcs410_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:qualcomm:fastconnect_6800_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:qualcomm:fastconnect_7800_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:qualcomm:snapdragon_865\+_5g_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:qualcomm:sw5100p:-:*:*:*:*:*:*:* cpe:2.3:o:qualcomm:sw5100_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:qualcomm:qca6426_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:qualcomm:wcn3660b:-:*:*:*:*:*:*:* cpe:2.3:o:qualcomm:snapdragon_8_gen_1_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:qualcomm:wcn3950_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:qualcomm:wcn3988:-:*:*:*:*:*:*:* cpe:2.3:h:qualcomm:sw5100:-:*:*:*:*:*:*:* cpe:2.3:o:qualcomm:fastconnect_6900_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:qualcomm:sxr2130_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:qualcomm:snapdragon_870_5g:-:*:*:*:*:*:*:* cpe:2.3:o:qualcomm:wcd9370_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:qualcomm:wcn3660b_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:qualcomm:wcn3950:-:*:*:*:*:*:*:* cpe:2.3:o:qualcomm:wsa8835_firmware:-:*:*:*:*:*:*:* |
|
| First Time |
Qualcomm wcn3980 Firmware
Qualcomm wcn3950 Firmware Qualcomm snapdragon 865\+ 5g Qualcomm snapdragon Xr2 5g Firmware Qualcomm qcn9074 Firmware Qualcomm fastconnect 6800 Qualcomm wcd9341 Firmware Qualcomm qca6426 Qualcomm snapdragon Xr2 5g Qualcomm wcd9341 Qualcomm wsa8810 Firmware Qualcomm snapdragon X55 5g Qualcomm qca6436 Firmware Qualcomm wcd9380 Qualcomm qcs410 Firmware Qualcomm snapdragon 865 5g Qualcomm Qualcomm snapdragon 8 Gen 1 Qualcomm snapdragon 870 5g Firmware Qualcomm sw5100p Firmware Qualcomm qcn9074 Qualcomm fastconnect 7800 Firmware Qualcomm sxr2130 Qualcomm fastconnect 6800 Firmware Qualcomm snapdragon 865 5g Firmware Qualcomm sxr2130 Firmware Qualcomm qcs610 Qualcomm qca6391 Firmware Qualcomm wcn3660b Firmware Qualcomm wcn3660b Qualcomm snapdragon 865\+ 5g Firmware Qualcomm sw5100p Qualcomm qca6436 Qualcomm qcs610 Firmware Qualcomm wcd9370 Firmware Qualcomm wcd9370 Qualcomm wsa8815 Firmware Qualcomm sd865 5g Qualcomm qca6391 Qualcomm snapdragon 8 Gen 1 Firmware Qualcomm wsa8810 Qualcomm wsa8830 Firmware Qualcomm fastconnect 6900 Firmware Qualcomm snapdragon 870 5g Qualcomm snapdragon X55 5g Firmware Qualcomm wcn3950 Qualcomm wsa8835 Qualcomm sw5100 Qualcomm wcn3988 Qualcomm wcd9380 Firmware Qualcomm wsa8835 Firmware Qualcomm qca6426 Firmware Qualcomm wsa8815 Qualcomm sw5100 Firmware Qualcomm fastconnect 7800 Qualcomm wcn3680b Firmware Qualcomm wcn3988 Firmware Qualcomm wcn3680b Qualcomm wcn3980 Qualcomm sd865 5g Firmware Qualcomm fastconnect 6900 Qualcomm wsa8830 Qualcomm qcs410 |
08 Aug 2023, 10:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-08-08 10:15
Updated : 2024-04-12 17:17
NVD link : CVE-2023-28577
Mitre link : CVE-2023-28577
CVE.ORG link : CVE-2023-28577
JSON object : View
Products Affected
qualcomm
- snapdragon_xr2_5g_firmware
- wcn3680b_firmware
- wsa8810_firmware
- wcn3660b
- qcn9074
- sw5100p_firmware
- wcd9380
- snapdragon_870_5g
- fastconnect_6900_firmware
- snapdragon_865_5g
- wcd9380_firmware
- snapdragon_x55_5g_firmware
- wsa8815
- qcs410_firmware
- qca6391
- qcs610
- wcn3980
- wcn3950
- wsa8830_firmware
- qca6426
- snapdragon_865_5g_firmware
- fastconnect_6800
- qcs610_firmware
- wcn3950_firmware
- wcn3988_firmware
- fastconnect_7800
- snapdragon_865\+_5g
- wcd9341_firmware
- wsa8830
- sd865_5g_firmware
- qca6436
- sxr2130
- wsa8810
- fastconnect_6800_firmware
- sd865_5g
- snapdragon_xr2_5g
- wsa8835_firmware
- sw5100p
- snapdragon_x55_5g
- wcd9370_firmware
- qca6436_firmware
- sw5100
- snapdragon_870_5g_firmware
- wcn3680b
- qca6391_firmware
- qca6426_firmware
- wcn3660b_firmware
- wsa8835
- qcs410
- snapdragon_865\+_5g_firmware
- snapdragon_8_gen_1
- fastconnect_6900
- wcn3980_firmware
- wsa8815_firmware
- sxr2130_firmware
- qcn9074_firmware
- fastconnect_7800_firmware
- wcn3988
- wcd9341
- sw5100_firmware
- snapdragon_8_gen_1_firmware
- wcd9370
CWE
CWE-416
Use After Free