Vulnerability Details CVE-2023-28577
In the function call related to CAM_REQ_MGR_RELEASE_BUF there is no check if the buffer is being used. So when a function called cam_mem_get_cpu_buf to get the kernel va to use, another thread can call CAM_REQ_MGR_RELEASE_BUF to unmap the kernel va which cause UAF of the kernel address.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 4.7%
CVSS Severity
CVSS v3 Score 6.7
References
Products affected by CVE-2023-28577
-
cpe:2.3:h:qualcomm:fastconnect_6800:-
-
cpe:2.3:h:qualcomm:fastconnect_6900:-
-
cpe:2.3:h:qualcomm:fastconnect_7800:-
-
cpe:2.3:h:qualcomm:qca6391:-
-
cpe:2.3:h:qualcomm:qca6426:-
-
cpe:2.3:h:qualcomm:qca6436:-
-
cpe:2.3:h:qualcomm:qcn9074:-
-
cpe:2.3:h:qualcomm:qcs410:-
-
cpe:2.3:h:qualcomm:qcs610:-
-
cpe:2.3:h:qualcomm:sd865_5g:-
-
cpe:2.3:h:qualcomm:snapdragon_865+_5g:-
-
cpe:2.3:h:qualcomm:snapdragon_865_5g:-
-
cpe:2.3:h:qualcomm:snapdragon_870_5g:-
-
cpe:2.3:h:qualcomm:snapdragon_8_gen_1:-
-
cpe:2.3:h:qualcomm:snapdragon_x55_5g:-
-
cpe:2.3:h:qualcomm:snapdragon_xr2_5g:-
-
cpe:2.3:h:qualcomm:sw5100:-
-
cpe:2.3:h:qualcomm:sw5100p:-
-
cpe:2.3:h:qualcomm:sxr2130:-
-
cpe:2.3:h:qualcomm:wcd9341:-
-
cpe:2.3:h:qualcomm:wcd9370:-
-
cpe:2.3:h:qualcomm:wcd9380:-
-
cpe:2.3:h:qualcomm:wcn3660b:-
-
cpe:2.3:h:qualcomm:wcn3680b:-
-
cpe:2.3:h:qualcomm:wcn3950:-
-
cpe:2.3:h:qualcomm:wcn3980:-
-
cpe:2.3:h:qualcomm:wcn3988:-
-
cpe:2.3:h:qualcomm:wsa8810:-
-
cpe:2.3:h:qualcomm:wsa8815:-
-
cpe:2.3:h:qualcomm:wsa8830:-
-
cpe:2.3:h:qualcomm:wsa8835:-
-
cpe:2.3:o:qualcomm:fastconnect_6800_firmware:-
-
cpe:2.3:o:qualcomm:fastconnect_6900_firmware:-
-
cpe:2.3:o:qualcomm:fastconnect_7800_firmware:-
-
cpe:2.3:o:qualcomm:qca6391_firmware:-
-
cpe:2.3:o:qualcomm:qca6426_firmware:-
-
cpe:2.3:o:qualcomm:qca6436_firmware:-
-
cpe:2.3:o:qualcomm:qcn9074_firmware:-
-
cpe:2.3:o:qualcomm:qcs410_firmware:-
-
cpe:2.3:o:qualcomm:qcs610_firmware:-
-
cpe:2.3:o:qualcomm:sd865_5g_firmware:-
-
cpe:2.3:o:qualcomm:snapdragon_865+_5g_firmware:-
-
cpe:2.3:o:qualcomm:snapdragon_865_5g_firmware:-
-
cpe:2.3:o:qualcomm:snapdragon_870_5g_firmware:-
-
cpe:2.3:o:qualcomm:snapdragon_8_gen_1_firmware:-
-
cpe:2.3:o:qualcomm:snapdragon_x55_5g_firmware:-
-
cpe:2.3:o:qualcomm:snapdragon_xr2_5g_firmware:-
-
cpe:2.3:o:qualcomm:sw5100_firmware:-
-
cpe:2.3:o:qualcomm:sw5100p_firmware:-
-
cpe:2.3:o:qualcomm:sxr2130_firmware:-
-
cpe:2.3:o:qualcomm:wcd9341_firmware:-
-
cpe:2.3:o:qualcomm:wcd9370_firmware:-
-
cpe:2.3:o:qualcomm:wcd9380_firmware:-
-
cpe:2.3:o:qualcomm:wcn3660b_firmware:-
-
cpe:2.3:o:qualcomm:wcn3680b_firmware:-
-
cpe:2.3:o:qualcomm:wcn3950_firmware:-
-
cpe:2.3:o:qualcomm:wcn3980_firmware:-
-
cpe:2.3:o:qualcomm:wcn3988_firmware:-
-
cpe:2.3:o:qualcomm:wsa8810_firmware:-
-
cpe:2.3:o:qualcomm:wsa8815_firmware:-
-
cpe:2.3:o:qualcomm:wsa8830_firmware:-
-
cpe:2.3:o:qualcomm:wsa8835_firmware:-