BDU:2024-02635
Vulnerability from fstec - Published: 08.09.2023
VLAI Severity ?
Title
Уязвимость микропрограммного обеспечения встраиваемых плат Qualcomm, позволяющая нарушителю выполнить произвольный код с повышенными привилегиями
Description
Уязвимость микропрограммного обеспечения встраиваемых плат Qualcomm связана со смещением указателя за границы выделенной памяти. Эксплуатация уязвимости может позволить нарушителю выполнить произвольный код с повышенными привилегиями с помощью команды IOCTL_KGSL_GPU_AUX_COMMAND
Severity ?
Vendor
Qualcomm Technologies Inc.
Software Name
SD 8 Gen1 5G, WCD9380, WSA8830, WSA8835, AR8035, CSRA6620, CSRA6640, SD660, Snapdragon 865 5G Mobile Platform, Snapdragon 865+ 5G Mobile Platform (SM8250-AB), Snapdragon 870 5G Mobile Platform (SM8250-AC), Snapdragon W5+ Gen 1 Wearable Platform, Snapdragon X55 5G Modem-RF System, Snapdragon XR2 5G Platform, Snapdragon 8 Gen 1 Mobile Platform, Snapdragon 888 5G Mobile Platform, Snapdragon 888+ 5G Mobile Platform (SM8350-AC), Snapdragon 765 5G Mobile Platform (SM7250-AA), Snapdragon 765G 5G Mobile Platform (SM7250-AB), Snapdragon 768G 5G Mobile Platform (SM7250-AC), Snapdragon 4 Gen 1 Mobile Platform, Snapdragon 460 Mobile Platform, Snapdragon 480 5G Mobile Platform, Snapdragon 480+ 5G Mobile Platform (SM4350-AC), Snapdragon 662 Mobile Platform, Snapdragon 680 4G Mobile Platform, Snapdragon 685 4G Mobile Platform (SM6225-AD), Snapdragon 690 5G Mobile Platform, Snapdragon 695 5G Mobile Platform, Snapdragon 750G 5G Mobile Platform, Snapdragon 778G 5G Mobile Platform, Snapdragon 778G+ 5G Mobile Platform (SM7325-AE), Snapdragon 780G 5G Mobile Platform, Snapdragon 782G Mobile Platform (SM7325-AF), Snapdragon 7c+ Gen 3 Compute Platform, Snapdragon 8+ Gen 1 Mobile Platform, Snapdragon AR2 Gen 1 Platform, Snapdragon X65 5G Modem-RF System, Snapdragon XR2+ Gen 1 Platform, 215 Mobile Platform, Qualcomm® Video Collaboration VC1 Platform, Qualcomm® Video Collaboration VC3 Platform, Snapdragon 8 Gen 2 Mobile Platform, Snapdragon 8+ Gen 2 Mobile Platform, Snapdragon Auto 5G Modem-RF, SA4155P, SA8770P, Snapdragon X12 LTE Modem, QCA6574, QCA6574A, QCA6574AU, Qualcomm® Video Collaboration VC5 Platform, SA4150P, SA8775P, FastConnect 6700, FastConnect 6900, FastConnect 7800, QCS4490, QCM4490, WCD9370, WCD9390, WCD9395, WCN3950, WCN6740, WSA8810, WSA8815, WSA8832, WSA8840, WSA8845, WSA8845H, QAM8255P, QAM8295P, QAM8650P, QAM8775P, QCA6595, QCA6595AU, QCA6696, QCA6698AQ, QCA6797AQ, QCA8081, QCA8337, QCM5430, QCM6490, QCM8550, QCN6024, QCN9012, QCN9024, QCS410, QCS5430, QCS610, QCS6490, QCS8550, SA6155P, SA8155P, SA8195P, SA8255P, SA8295P, SA9000P, SM8550P, SXR2230P, WCD9341, WCD9375, WCD9385, WCN3980, WCN3988, FastConnect 6200, FastConnect 6800, Flight RB5 5G Platform, QCA6174A, QCA6391, QCA6426, QCA6436, QCM2290, QCM4290, QCM4325, QCN9011, QCS2290, QCS4290, QCS7230, QCS8250, QRB5165M, QRB5165N, Robotics RB5 Platform, SA6145P, SA6150P, SA8145P, SA8150P, SD865 5G, SD888, SG4150P, SG8275P, SM4125, SM7250P, SM7315, SM7325P, Smart Audio 400 Platform, Snapdragon 4 Gen 2 Mobile Platform, Snapdragon 439 Mobile Platform, SSG2115P, SSG2125P, SW5100, SW5100P, SXR1230P, SXR2130, WCD9326, WCD9335, WCN3615, WCN3660B, WCN3680B, WCN3910, WCN3990, Snapdragon 660 Mobile Platform, QCA9377
Software Version
- (SD 8 Gen1 5G), - (WCD9380), - (WSA8830), - (WSA8835), - (AR8035), - (CSRA6620), - (CSRA6640), - (SD660), - (Snapdragon 865 5G Mobile Platform), - (Snapdragon 865+ 5G Mobile Platform (SM8250-AB)), - (Snapdragon 870 5G Mobile Platform (SM8250-AC)), - (Snapdragon W5+ Gen 1 Wearable Platform), - (Snapdragon X55 5G Modem-RF System), - (Snapdragon XR2 5G Platform), - (Snapdragon 8 Gen 1 Mobile Platform), - (Snapdragon 888 5G Mobile Platform), - (Snapdragon 888+ 5G Mobile Platform (SM8350-AC)), - (Snapdragon 765 5G Mobile Platform (SM7250-AA)), - (Snapdragon 765G 5G Mobile Platform (SM7250-AB)), - (Snapdragon 768G 5G Mobile Platform (SM7250-AC)), - (Snapdragon 4 Gen 1 Mobile Platform), - (Snapdragon 460 Mobile Platform), - (Snapdragon 480 5G Mobile Platform), - (Snapdragon 480+ 5G Mobile Platform (SM4350-AC)), - (Snapdragon 662 Mobile Platform), - (Snapdragon 680 4G Mobile Platform), - (Snapdragon 685 4G Mobile Platform (SM6225-AD)), - (Snapdragon 690 5G Mobile Platform), - (Snapdragon 695 5G Mobile Platform), - (Snapdragon 750G 5G Mobile Platform), - (Snapdragon 778G 5G Mobile Platform), - (Snapdragon 778G+ 5G Mobile Platform (SM7325-AE)), - (Snapdragon 780G 5G Mobile Platform), - (Snapdragon 782G Mobile Platform (SM7325-AF)), - (Snapdragon 7c+ Gen 3 Compute Platform), - (Snapdragon 8+ Gen 1 Mobile Platform), - (Snapdragon AR2 Gen 1 Platform), - (Snapdragon X65 5G Modem-RF System), - (Snapdragon XR2+ Gen 1 Platform), - (215 Mobile Platform), - (Qualcomm® Video Collaboration VC1 Platform), - (Qualcomm® Video Collaboration VC3 Platform), - (Snapdragon 8 Gen 2 Mobile Platform), - (Snapdragon 8+ Gen 2 Mobile Platform), - (Snapdragon Auto 5G Modem-RF), - (SA4155P), - (SA8770P), - (Snapdragon X12 LTE Modem), - (QCA6574), - (QCA6574A), - (QCA6574AU), - (Qualcomm® Video Collaboration VC5 Platform), - (SA4150P), - (SA8775P), - (FastConnect 6700), - (FastConnect 6900), - (FastConnect 7800), - (QCS4490), - (QCM4490), - (WCD9370), - (WCD9390), - (WCD9395), - (WCN3950), - (WCN6740), - (WSA8810), - (WSA8815), - (WSA8832), - (WSA8840), - (WSA8845), - (WSA8845H), - (QAM8255P), - (QAM8295P), - (QAM8650P), - (QAM8775P), - (QCA6595), - (QCA6595AU), - (QCA6696), - (QCA6698AQ), - (QCA6797AQ), - (QCA8081), - (QCA8337), - (QCM5430), - (QCM6490), - (QCM8550), - (QCN6024), - (QCN9012), - (QCN9024), - (QCS410), - (QCS5430), - (QCS610), - (QCS6490), - (QCS8550), - (SA6155P), - (SA8155P), - (SA8195P), - (SA8255P), - (SA8295P), - (SA9000P), - (SM8550P), - (SXR2230P), - (WCD9341), - (WCD9375), - (WCD9385), - (WCN3980), - (WCN3988), - (FastConnect 6200), - (FastConnect 6800), - (Flight RB5 5G Platform), - (QCA6174A), - (QCA6391), - (QCA6426), - (QCA6436), - (QCM2290), - (QCM4290), - (QCM4325), - (QCN9011), - (QCS2290), - (QCS4290), - (QCS7230), - (QCS8250), - (QRB5165M), - (QRB5165N), - (Robotics RB5 Platform), - (SA6145P), - (SA6150P), - (SA8145P), - (SA8150P), - (SD865 5G), - (SD888), - (SG4150P), - (SG8275P), - (SM4125), - (SM7250P), - (SM7315), - (SM7325P), - (Smart Audio 400 Platform), - (Snapdragon 4 Gen 2 Mobile Platform), - (Snapdragon 439 Mobile Platform), - (SSG2115P), - (SSG2125P), - (SW5100), - (SW5100P), - (SXR1230P), - (SXR2130), - (WCD9326), - (WCD9335), - (WCN3615), - (WCN3660B), - (WCN3680B), - (WCN3910), - (WCN3990), - (Snapdragon 660 Mobile Platform), - (QCA9377)
Possible Mitigations
Использование рекомендаций:
https://docs.qualcomm.com/product/publicresources/securitybulletin/december-2023-bulletin.html
Reference
https://source.android.com/docs/security/bulletin/2023-12-01?hl=ru
https://docs.qualcomm.com/product/publicresources/securitybulletin/december-2023-bulletin.html
https://git.codelinaro.org/clo/la/kernel/msm-4.19/-/commit/1e46e81dbeb69aafd5842ce779f07e617680fd58
https://www.cybersecurity-help.cz/vdb/SB2023100477
https://www.bleepingcomputer.com/news/security/qualcomm-says-hackers-exploit-3-zero-days-in-its-gpu-dsp-drivers/
CWE
CWE-416, CWE-823
{
"CVSS 2.0": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS 3.0": "AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Qualcomm Technologies Inc.",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "- (SD 8 Gen1 5G), - (WCD9380), - (WSA8830), - (WSA8835), - (AR8035), - (CSRA6620), - (CSRA6640), - (SD660), - (Snapdragon 865 5G Mobile Platform), - (Snapdragon 865+ 5G Mobile Platform (SM8250-AB)), - (Snapdragon 870 5G Mobile Platform (SM8250-AC)), - (Snapdragon W5+ Gen 1 Wearable Platform), - (Snapdragon X55 5G Modem-RF System), - (Snapdragon XR2 5G Platform), - (Snapdragon 8 Gen 1 Mobile Platform), - (Snapdragon 888 5G Mobile Platform), - (Snapdragon 888+ 5G Mobile Platform (SM8350-AC)), - (Snapdragon 765 5G Mobile Platform (SM7250-AA)), - (Snapdragon 765G 5G Mobile Platform (SM7250-AB)), - (Snapdragon 768G 5G Mobile Platform (SM7250-AC)), - (Snapdragon 4 Gen 1 Mobile Platform), - (Snapdragon 460 Mobile Platform), - (Snapdragon 480 5G Mobile Platform), - (Snapdragon 480+ 5G Mobile Platform (SM4350-AC)), - (Snapdragon 662 Mobile Platform), - (Snapdragon 680 4G Mobile Platform), - (Snapdragon 685 4G Mobile Platform (SM6225-AD)), - (Snapdragon 690 5G Mobile Platform), - (Snapdragon 695 5G Mobile Platform), - (Snapdragon 750G 5G Mobile Platform), - (Snapdragon 778G 5G Mobile Platform), - (Snapdragon 778G+ 5G Mobile Platform (SM7325-AE)), - (Snapdragon 780G 5G Mobile Platform), - (Snapdragon 782G Mobile Platform (SM7325-AF)), - (Snapdragon 7c+ Gen 3 Compute Platform), - (Snapdragon 8+ Gen 1 Mobile Platform), - (Snapdragon AR2 Gen 1 Platform), - (Snapdragon X65 5G Modem-RF System), - (Snapdragon XR2+ Gen 1 Platform), - (215 Mobile Platform), - (Qualcomm\u00ae Video Collaboration VC1 Platform), - (Qualcomm\u00ae Video Collaboration VC3 Platform), - (Snapdragon 8 Gen 2 Mobile Platform), - (Snapdragon 8+ Gen 2 Mobile Platform), - (Snapdragon Auto 5G Modem-RF), - (SA4155P), - (SA8770P), - (Snapdragon X12 LTE Modem), - (QCA6574), - (QCA6574A), - (QCA6574AU), - (Qualcomm\u00ae Video Collaboration VC5 Platform), - (SA4150P), - (SA8775P), - (FastConnect 6700), - (FastConnect 6900), - (FastConnect 7800), - (QCS4490), - (QCM4490), - (WCD9370), - (WCD9390), - (WCD9395), - (WCN3950), - (WCN6740), - (WSA8810), - (WSA8815), - (WSA8832), - (WSA8840), - (WSA8845), - (WSA8845H), - (QAM8255P), - (QAM8295P), - (QAM8650P), - (QAM8775P), - (QCA6595), - (QCA6595AU), - (QCA6696), - (QCA6698AQ), - (QCA6797AQ), - (QCA8081), - (QCA8337), - (QCM5430), - (QCM6490), - (QCM8550), - (QCN6024), - (QCN9012), - (QCN9024), - (QCS410), - (QCS5430), - (QCS610), - (QCS6490), - (QCS8550), - (SA6155P), - (SA8155P), - (SA8195P), - (SA8255P), - (SA8295P), - (SA9000P), - (SM8550P), - (SXR2230P), - (WCD9341), - (WCD9375), - (WCD9385), - (WCN3980), - (WCN3988), - (FastConnect 6200), - (FastConnect 6800), - (Flight RB5 5G Platform), - (QCA6174A), - (QCA6391), - (QCA6426), - (QCA6436), - (QCM2290), - (QCM4290), - (QCM4325), - (QCN9011), - (QCS2290), - (QCS4290), - (QCS7230), - (QCS8250), - (QRB5165M), - (QRB5165N), - (Robotics RB5 Platform), - (SA6145P), - (SA6150P), - (SA8145P), - (SA8150P), - (SD865 5G), - (SD888), - (SG4150P), - (SG8275P), - (SM4125), - (SM7250P), - (SM7315), - (SM7325P), - (Smart Audio 400 Platform), - (Snapdragon 4 Gen 2 Mobile Platform), - (Snapdragon 439 Mobile Platform), - (SSG2115P), - (SSG2125P), - (SW5100), - (SW5100P), - (SXR1230P), - (SXR2130), - (WCD9326), - (WCD9335), - (WCN3615), - (WCN3660B), - (WCN3680B), - (WCN3910), - (WCN3990), - (Snapdragon 660 Mobile Platform), - (QCA9377)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://docs.qualcomm.com/product/publicresources/securitybulletin/december-2023-bulletin.html",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "08.09.2023",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "05.04.2024",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "05.04.2024",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2024-02635",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2023-33106",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "SD 8 Gen1 5G, WCD9380, WSA8830, WSA8835, AR8035, CSRA6620, CSRA6640, SD660, Snapdragon 865 5G Mobile Platform, Snapdragon 865+ 5G Mobile Platform (SM8250-AB), Snapdragon 870 5G Mobile Platform (SM8250-AC), Snapdragon W5+ Gen 1 Wearable Platform, Snapdragon X55 5G Modem-RF System, Snapdragon XR2 5G Platform, Snapdragon 8 Gen 1 Mobile Platform, Snapdragon 888 5G Mobile Platform, Snapdragon 888+ 5G Mobile Platform (SM8350-AC), Snapdragon 765 5G Mobile Platform (SM7250-AA), Snapdragon 765G 5G Mobile Platform (SM7250-AB), Snapdragon 768G 5G Mobile Platform (SM7250-AC), Snapdragon 4 Gen 1 Mobile Platform, Snapdragon 460 Mobile Platform, Snapdragon 480 5G Mobile Platform, Snapdragon 480+ 5G Mobile Platform (SM4350-AC), Snapdragon 662 Mobile Platform, Snapdragon 680 4G Mobile Platform, Snapdragon 685 4G Mobile Platform (SM6225-AD), Snapdragon 690 5G Mobile Platform, Snapdragon 695 5G Mobile Platform, Snapdragon 750G 5G Mobile Platform, Snapdragon 778G 5G Mobile Platform, Snapdragon 778G+ 5G Mobile Platform (SM7325-AE), Snapdragon 780G 5G Mobile Platform, Snapdragon 782G Mobile Platform (SM7325-AF), Snapdragon 7c+ Gen 3 Compute Platform, Snapdragon 8+ Gen 1 Mobile Platform, Snapdragon AR2 Gen 1 Platform, Snapdragon X65 5G Modem-RF System, Snapdragon XR2+ Gen 1 Platform, 215 Mobile Platform, Qualcomm\u00ae Video Collaboration VC1 Platform, Qualcomm\u00ae Video Collaboration VC3 Platform, Snapdragon 8 Gen 2 Mobile Platform, Snapdragon 8+ Gen 2 Mobile Platform, Snapdragon Auto 5G Modem-RF, SA4155P, SA8770P, Snapdragon X12 LTE Modem, QCA6574, QCA6574A, QCA6574AU, Qualcomm\u00ae Video Collaboration VC5 Platform, SA4150P, SA8775P, FastConnect 6700, FastConnect 6900, FastConnect 7800, QCS4490, QCM4490, WCD9370, WCD9390, WCD9395, WCN3950, WCN6740, WSA8810, WSA8815, WSA8832, WSA8840, WSA8845, WSA8845H, QAM8255P, QAM8295P, QAM8650P, QAM8775P, QCA6595, QCA6595AU, QCA6696, QCA6698AQ, QCA6797AQ, QCA8081, QCA8337, QCM5430, QCM6490, QCM8550, QCN6024, QCN9012, QCN9024, QCS410, QCS5430, QCS610, QCS6490, QCS8550, SA6155P, SA8155P, SA8195P, SA8255P, SA8295P, SA9000P, SM8550P, SXR2230P, WCD9341, WCD9375, WCD9385, WCN3980, WCN3988, FastConnect 6200, FastConnect 6800, Flight RB5 5G Platform, QCA6174A, QCA6391, QCA6426, QCA6436, QCM2290, QCM4290, QCM4325, QCN9011, QCS2290, QCS4290, QCS7230, QCS8250, QRB5165M, QRB5165N, Robotics RB5 Platform, SA6145P, SA6150P, SA8145P, SA8150P, SD865 5G, SD888, SG4150P, SG8275P, SM4125, SM7250P, SM7315, SM7325P, Smart Audio 400 Platform, Snapdragon 4 Gen 2 Mobile Platform, Snapdragon 439 Mobile Platform, SSG2115P, SSG2125P, SW5100, SW5100P, SXR1230P, SXR2130, WCD9326, WCD9335, WCN3615, WCN3660B, WCN3680B, WCN3910, WCN3990, Snapdragon 660 Mobile Platform, QCA9377",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Google Inc Android - ",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0432\u0441\u0442\u0440\u0430\u0438\u0432\u0430\u0435\u043c\u044b\u0445 \u043f\u043b\u0430\u0442 Qualcomm, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434 \u0441 \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u043d\u044b\u043c\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u044f\u043c\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u043f\u043e\u0441\u043b\u0435 \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u044f (CWE-416), \u0421\u043c\u0435\u0449\u0435\u043d\u0438\u0435 \u0443\u043a\u0430\u0437\u0430\u0442\u0435\u043b\u044f \u0437\u0430 \u0443\u043a\u0430\u0437\u0430\u043d\u043d\u044b\u0435 \u0433\u0440\u0430\u043d\u0438\u0446\u044b (CWE-823)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0432\u0441\u0442\u0440\u0430\u0438\u0432\u0430\u0435\u043c\u044b\u0445 \u043f\u043b\u0430\u0442 Qualcomm \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441\u043e \u0441\u043c\u0435\u0449\u0435\u043d\u0438\u0435\u043c \u0443\u043a\u0430\u0437\u0430\u0442\u0435\u043b\u044f \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u044b \u0432\u044b\u0434\u0435\u043b\u0435\u043d\u043d\u043e\u0439 \u043f\u0430\u043c\u044f\u0442\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434 \u0441 \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u043d\u044b\u043c\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u044f\u043c\u0438 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u043a\u043e\u043c\u0430\u043d\u0434\u044b IOCTL_KGSL_GPU_AUX_COMMAND",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://source.android.com/docs/security/bulletin/2023-12-01?hl=ru\nhttps://docs.qualcomm.com/product/publicresources/securitybulletin/december-2023-bulletin.html\nhttps://git.codelinaro.org/clo/la/kernel/msm-4.19/-/commit/1e46e81dbeb69aafd5842ce779f07e617680fd58\nhttps://www.cybersecurity-help.cz/vdb/SB2023100477\nhttps://www.bleepingcomputer.com/news/security/qualcomm-says-hackers-exploit-3-zero-days-in-its-gpu-dsp-drivers/",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0439 \u043a\u043e\u0434, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e, \u041f\u041e \u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-416, CWE-823",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,2)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,4)"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…