CVE-2023-28577: Multiple Dmabuf Kernel Address UAF Vulnerability
First published: Tue Aug 08 2023(Updated: )
In the function call related to CAM_REQ_MGR_RELEASE_BUF there is no check if the buffer is being used. So when a function called cam_mem_get_cpu_buf to get the kernel va to use, another thread can call CAM_REQ_MGR_RELEASE_BUF to unmap the kernel va which cause UAF of the kernel address.
Credit: product-security@qualcomm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| Qualcomm FastConnect 6800 Firmware | ||
| Qualcomm FastConnect 6800 Firmware | ||
| All of | ||
| Qualcomm FastConnect 6900 Firmware | ||
| Qualcomm Fastconnect 6900 Firmware | ||
| All of | ||
| Qualcomm Fastconnect 7800 Firmware | ||
| Qualcomm Fastconnect 7800 Firmware | ||
| All of | ||
| Qualcomm QCA6391 Firmware | ||
| Qualcomm QCA6391 Firmware | ||
| All of | ||
| Qualcomm QCA6426 Firmware | ||
| Qualcomm QCA6426 Firmware | ||
| All of | ||
| Qualcomm QCA6436 Firmware | ||
| Qualcomm QCA6436 Firmware | ||
| All of | ||
| Qualcomm QCN9074 Firmware | ||
| Qualcomm QCN9074 Firmware | ||
| All of | ||
| Qualcomm QCS410 Firmware | ||
| Qualcomm QCS410 Firmware | ||
| All of | ||
| Qualcomm QCS610 Firmware | ||
| Qualcomm QCS610 Firmware | ||
| All of | ||
| Qualcomm Snapdragon 865 5G Firmware | ||
| Qualcomm Snapdragon 865 5G Firmware | ||
| All of | ||
| Qualcomm Snapdragon 8 Gen 1 Mobile Firmware | ||
| Qualcomm Snapdragon 8 Gen 1 Mobile Firmware | ||
| All of | ||
| Qualcomm Snapdragon 865 5G Mobile Firmware | ||
| Qualcomm Snapdragon 865 5G Mobile | ||
| All of | ||
| Qualcomm Snapdragon 865+ 5G Firmware | ||
| Qualcomm Snapdragon 865 | ||
| All of | ||
| Qualcomm Snapdragon 870 Firmware | ||
| Qualcomm Snapdragon 870 | ||
| All of | ||
| Qualcomm Snapdragon X55 Firmware | ||
| Qualcomm Snapdragon X55 Firmware | ||
| All of | ||
| Qualcomm Snapdragon XR2 5G Platform Firmware | ||
| Qualcomm Snapdragon XR2 5G | ||
| All of | ||
| Qualcomm SW5100P | ||
| Qualcomm SW5100P | ||
| All of | ||
| Qualcomm SW5100 Firmware | ||
| Qualcomm SW5100 Firmware | ||
| All of | ||
| qualcomm SXR2130P firmware | ||
| Qualcomm SXR2130 | ||
| All of | ||
| Qualcomm WCD9341 | ||
| Qualcomm WCD9341 Firmware | ||
| All of | ||
| Qualcomm WCD9370 Firmware | ||
| Qualcomm WCD9370 Firmware | ||
| All of | ||
| Qualcomm WCD9380 | ||
| Qualcomm WCD9380 Firmware | ||
| All of | ||
| Qualcomm WCN3660B | ||
| Qualcomm WCN3660B Firmware | ||
| All of | ||
| Qualcomm WCN3680B Firmware | ||
| Qualcomm WCN3680B Firmware | ||
| All of | ||
| Qualcomm WCN3950 Firmware | ||
| Qualcomm WCN3950 Firmware | ||
| All of | ||
| Qualcomm Wcn3980 | ||
| qualcomm wcn3980 firmware | ||
| All of | ||
| qualcomm wcn3988 firmware | ||
| Qualcomm WCN3988 | ||
| All of | ||
| Qualcomm WSA8810 | ||
| Qualcomm WSA8810 Firmware | ||
| All of | ||
| qualcomm wsa8815 firmware | ||
| qualcomm wsa8815 firmware | ||
| All of | ||
| Qualcomm WSA8830 | ||
| Qualcomm WSA8830 | ||
| All of | ||
| Qualcomm WSA8835 | ||
| Qualcomm WSA8835 Firmware | ||
| Qualcomm FastConnect 6800 Firmware | ||
| Qualcomm FastConnect 6800 Firmware | ||
| Qualcomm FastConnect 6900 Firmware | ||
| Qualcomm Fastconnect 6900 Firmware | ||
| Qualcomm Fastconnect 7800 Firmware | ||
| Qualcomm Fastconnect 7800 Firmware | ||
| Qualcomm QCA6391 Firmware | ||
| Qualcomm QCA6391 Firmware | ||
| Qualcomm QCA6426 Firmware | ||
| Qualcomm QCA6426 Firmware | ||
| Qualcomm QCA6436 Firmware | ||
| Qualcomm QCA6436 Firmware | ||
| Qualcomm QCN9074 Firmware | ||
| Qualcomm QCN9074 Firmware | ||
| Qualcomm QCS410 Firmware | ||
| Qualcomm QCS410 Firmware | ||
| Qualcomm QCS610 Firmware | ||
| Qualcomm QCS610 Firmware | ||
| Qualcomm Snapdragon 865 5G Firmware | ||
| Qualcomm Snapdragon 865 5G Firmware | ||
| Qualcomm Snapdragon 8 Gen 1 Mobile Firmware | ||
| Qualcomm Snapdragon 8 Gen 1 Mobile Firmware | ||
| Qualcomm Snapdragon 865 5G Mobile Firmware | ||
| Qualcomm Snapdragon 865 5G Mobile | ||
| Qualcomm Snapdragon 865+ 5G Firmware | ||
| Qualcomm Snapdragon 865 | ||
| Qualcomm Snapdragon 870 Firmware | ||
| Qualcomm Snapdragon 870 | ||
| Qualcomm Snapdragon X55 Firmware | ||
| Qualcomm Snapdragon X55 Firmware | ||
| Qualcomm Snapdragon XR2 5G Platform Firmware | ||
| Qualcomm Snapdragon XR2 5G | ||
| Qualcomm SW5100P | ||
| Qualcomm SW5100P | ||
| Qualcomm SW5100 Firmware | ||
| Qualcomm SW5100 Firmware | ||
| qualcomm SXR2130P firmware | ||
| Qualcomm SXR2130 | ||
| Qualcomm WCD9341 | ||
| Qualcomm WCD9341 Firmware | ||
| Qualcomm WCD9370 Firmware | ||
| Qualcomm WCD9370 Firmware | ||
| Qualcomm WCD9380 | ||
| Qualcomm WCD9380 Firmware | ||
| Qualcomm WCN3660B | ||
| Qualcomm WCN3660B Firmware | ||
| Qualcomm WCN3680B Firmware | ||
| Qualcomm WCN3680B Firmware | ||
| Qualcomm WCN3950 Firmware | ||
| Qualcomm WCN3950 Firmware | ||
| Qualcomm Wcn3980 | ||
| qualcomm wcn3980 firmware | ||
| qualcomm wcn3988 firmware | ||
| Qualcomm WCN3988 | ||
| Qualcomm WSA8810 | ||
| Qualcomm WSA8810 Firmware | ||
| qualcomm wsa8815 firmware | ||
| qualcomm wsa8815 firmware | ||
| Qualcomm WSA8830 | ||
| Qualcomm WSA8830 | ||
| Qualcomm WSA8835 | ||
| Qualcomm WSA8835 Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2023-28577.
What is the severity of CVE-2023-28577?
The severity of CVE-2023-28577 is high with a severity value of 7.8.
Which software is affected by CVE-2023-28577?
Qualcomm Fastconnect 6800 Firmware, Qualcomm Fastconnect 6900 Firmware, Qualcomm Fastconnect 7800 Firmware, Qualcomm Qca6426 Firmware, Qualcomm Qca6436, Qualcomm Wcd9341 Firmware, Qualcomm Wcd9370 Firmware, Qualcomm Wcd9380, Qualcomm Sxr2130 Firmware, and Google Android are affected by CVE-2023-28577.
What is the description of CVE-2023-28577?
In the function call related to CAM_REQ_MGR_RELEASE_BUF there is no check if the buffer is being used, allowing another thread to unmap the kernel va and causing a use-after-free (UAF) of the kernel address.
Where can I find more information about CVE-2023-28577?
You can find more information about CVE-2023-28577 on the Qualcomm Product Security Bulletin for August 2023.
- agent/type
- agent/references
- agent/title
- agent/weakness
- agent/severity
- agent/remedy
- agent/description
- agent/first-publish-date
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/author
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/qualcomm
- canonical/qualcomm fastconnect 6800 firmware
- canonical/qualcomm fastconnect 6900 firmware
- canonical/qualcomm fastconnect 7800 firmware
- canonical/qualcomm qca6391 firmware
- canonical/qualcomm qca6426 firmware
- canonical/qualcomm qca6436 firmware
- canonical/qualcomm qcn9074 firmware
- canonical/qualcomm qcs410 firmware
- canonical/qualcomm qcs610 firmware
- canonical/qualcomm snapdragon 865 5g firmware
- canonical/qualcomm snapdragon 8 gen 1 mobile firmware
- canonical/qualcomm snapdragon 865 5g mobile firmware
- canonical/qualcomm snapdragon 865 5g mobile
- canonical/qualcomm snapdragon 865+ 5g firmware
- canonical/qualcomm snapdragon 865
- canonical/qualcomm snapdragon 870 firmware
- canonical/qualcomm snapdragon 870
- canonical/qualcomm snapdragon x55 firmware
- canonical/qualcomm snapdragon xr2 5g platform firmware
- canonical/qualcomm snapdragon xr2 5g
- canonical/qualcomm sw5100p
- canonical/qualcomm sw5100 firmware
- canonical/qualcomm sxr2130p firmware
- canonical/qualcomm sxr2130
- canonical/qualcomm wcd9341
- canonical/qualcomm wcd9341 firmware
- canonical/qualcomm wcd9370 firmware
- canonical/qualcomm wcd9380
- canonical/qualcomm wcd9380 firmware
- canonical/qualcomm wcn3660b
- canonical/qualcomm wcn3660b firmware
- canonical/qualcomm wcn3680b firmware
- canonical/qualcomm wcn3950 firmware
- canonical/qualcomm wcn3980
- canonical/qualcomm wcn3980 firmware
- canonical/qualcomm wcn3988 firmware
- canonical/qualcomm wcn3988
- canonical/qualcomm wsa8810
- canonical/qualcomm wsa8810 firmware
- canonical/qualcomm wsa8815 firmware
- canonical/qualcomm wsa8830
- canonical/qualcomm wsa8835
- canonical/qualcomm wsa8835 firmware