NVD:CVE-2023-28577
History: Aug 08, 2023 - 10:15 a.m.

CVE-2023-28577

2023-08-08 10:15:14
CWE-416
web.nvd.nist.gov
uaf risk
buffer check
cam_req_mgr_release_buf
kernel address

CVSS3: 7.8 High

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score: 6.7 Medium (Confidence: High)

EPSS: 0.0004 Low (Percentile: 9.1%)

The function call related to CAM_REQ_MGR_RELEASE_BUF does not check whether the buffer is in use. When a function has called cam_mem_get_cpu_buf to get the kernel virtual address (VA) of a buffer and is using it, another thread can call CAM_REQ_MGR_RELEASE_BUF to unmap that kernel VA, which causes a use-after-free (UAF) of the kernel address.

Affected configurations

NVD
Node: qualcomm fastconnect_6800_firmware (Match -) AND qualcomm fastconnect_6800 (Match -)
Node: qualcomm fastconnect_6900_firmware (Match -) AND qualcomm fastconnect_6900 (Match -)
Node: qualcomm fastconnect_7800_firmware (Match -) AND qualcomm fastconnect_7800 (Match -)
Node: qualcomm qca6391_firmware (Match -) AND qualcomm qca6391 (Match -)
Node: qualcomm qca6426_firmware (Match -) AND qualcomm qca6426 (Match -)
Node: qualcomm qca6436_firmware (Match -) AND qualcomm qca6436 (Match -)
Node: qualcomm qcn9074_firmware (Match -) AND qualcomm qcn9074 (Match -)
Node: qualcomm qcs410_firmware (Match -) AND qualcomm qcs410 (Match -)
Node: qualcomm qcs610_firmware (Match -) AND qualcomm qcs610 (Match -)
Node: qualcomm sd865_5g_firmware (Match -) AND qualcomm sd865_5g (Match -)
Node: qualcomm snapdragon_8_gen_1_firmware (Match -) AND qualcomm snapdragon_8_gen_1 (Match -)
Node: qualcomm snapdragon_865_5g_firmware (Match -) AND qualcomm snapdragon_865_5g (Match -)
Node: qualcomm snapdragon_865\+_5g_firmware (Match -) AND qualcomm snapdragon_865\+_5g (Match -)
Node: qualcomm snapdragon_870_5g_firmware (Match -) AND qualcomm snapdragon_870_5g (Match -)
Node: qualcomm snapdragon_x55_5g_firmware (Match -) AND qualcomm snapdragon_x55_5g (Match -)
Node: qualcomm snapdragon_xr2_5g_firmware (Match -) AND qualcomm snapdragon_xr2_5g (Match -)
Node: qualcomm sw5100_firmware (Match -) AND qualcomm sw5100 (Match -)
Node: qualcomm sw5100p_firmware (Match -) AND qualcomm sw5100p (Match -)
Node: qualcomm sxr2130_firmware (Match -) AND qualcomm sxr2130 (Match -)
Node: qualcomm wcd9341_firmware (Match -) AND qualcomm wcd9341 (Match -)
Node: qualcomm wcd9370_firmware (Match -) AND qualcomm wcd9370 (Match -)
Node: qualcomm wcd9380_firmware (Match -) AND qualcomm wcd9380 (Match -)
Node: qualcomm wcn3660b_firmware (Match -) AND qualcomm wcn3660b (Match -)
Node: qualcomm wcn3680b_firmware (Match -) AND qualcomm wcn3680b (Match -)
Node: qualcomm wcn3950_firmware (Match -) AND qualcomm wcn3950 (Match -)
Node: qualcomm wcn3980_firmware (Match -) AND qualcomm wcn3980 (Match -)
Node: qualcomm wcn3988_firmware (Match -) AND qualcomm wcn3988 (Match -)
Node: qualcomm wsa8810_firmware (Match -) AND qualcomm wsa8810 (Match -)
Node: qualcomm wsa8815_firmware (Match -) AND qualcomm wsa8815 (Match -)
Node: qualcomm wsa8830_firmware (Match -) AND qualcomm wsa8830 (Match -)
Node: qualcomm wsa8835_firmware (Match -) AND qualcomm wsa8835 (Match -)
