BDU:2024-04263
Vulnerability from fstec - Published: 02.10.2023
Title
Vulnerability in the fastrpc_internal_mem_unmap() function of the DSP service in Qualcomm embedded board firmware, allowing an attacker to execute arbitrary code
Description
The vulnerability in the fastrpc_internal_mem_unmap() function of the DSP service in Qualcomm embedded board firmware is caused by use of memory after it has been freed. Exploitation of the vulnerability may allow an attacker to execute arbitrary code.
Vendor
Qualcomm Technologies Inc.
Software Name
WCD9380, WSA8830, WSA8835, AR8035, Snapdragon W5+ Gen 1 Wearable Platform, Snapdragon 4 Gen 1 Mobile Platform, Snapdragon 480 5G Mobile Platform, Snapdragon 480+ 5G Mobile Platform (SM4350-AC), Snapdragon 680 4G Mobile Platform, Snapdragon 685 4G Mobile Platform (SM6225-AD), Snapdragon 695 5G Mobile Platform, Qualcomm® Video Collaboration VC3 Platform, Snapdragon 8 Gen 2 Mobile Platform, Snapdragon 8+ Gen 2 Mobile Platform, Snapdragon X75 5G Modem-RF System, QCA6574, QCA6574A, QCA6574AU, Qualcomm® Video Collaboration VC5 Platform, FastConnect 6700, FastConnect 6900, FastConnect 7800, WCD9370, WCD9390, WCD9395, WCN3950, WSA8810, WSA8815, WSA8840, WSA8845, WSA8845H, QAM8255P, QAM8295P, QAM8650P, QAM8775P, QCA6595, QCA6595AU, QCA6696, QCA6698AQ, QCA6797AQ, QCA8081, QCA8337, QCC710, QCM6490, QCM8550, QCN6224, QCN6274, QCS6490, QCS8550, QFW7114, QFW7124, SA6155P, SA8155P, SA8195P, SA8255P, SA8295P, SM8550P, WCD9340, WCD9375, WCD9385, WCN3980, WCN3988, FastConnect 6200, Flight RB5 5G Platform, QCA6391, QCM4325, QCS7230, QCS8250, QDU1000, QDU1010, QDU1110, QDU1210, QDX1010, QDX1011, QRB5165N, QRU1032, QRU1052, QRU1062, Robotics RB5 Platform, SG4150P, SG8275P, SW5100, SW5100P
Software Version
- (WCD9380), - (WSA8830), - (WSA8835), - (AR8035), - (Snapdragon W5+ Gen 1 Wearable Platform), - (Snapdragon 4 Gen 1 Mobile Platform), - (Snapdragon 480 5G Mobile Platform), - (Snapdragon 480+ 5G Mobile Platform (SM4350-AC)), - (Snapdragon 680 4G Mobile Platform), - (Snapdragon 685 4G Mobile Platform (SM6225-AD)), - (Snapdragon 695 5G Mobile Platform), - (Qualcomm® Video Collaboration VC3 Platform), - (Snapdragon 8 Gen 2 Mobile Platform), - (Snapdragon 8+ Gen 2 Mobile Platform), - (Snapdragon X75 5G Modem-RF System), - (QCA6574), - (QCA6574A), - (QCA6574AU), - (Qualcomm® Video Collaboration VC5 Platform), - (FastConnect 6700), - (FastConnect 6900), - (FastConnect 7800), - (WCD9370), - (WCD9390), - (WCD9395), - (WCN3950), - (WSA8810), - (WSA8815), - (WSA8840), - (WSA8845), - (WSA8845H), - (QAM8255P), - (QAM8295P), - (QAM8650P), - (QAM8775P), - (QCA6595), - (QCA6595AU), - (QCA6696), - (QCA6698AQ), - (QCA6797AQ), - (QCA8081), - (QCA8337), - (QCC710), - (QCM6490), - (QCM8550), - (QCN6224), - (QCN6274), - (QCS6490), - (QCS8550), - (QFW7114), - (QFW7124), - (SA6155P), - (SA8155P), - (SA8195P), - (SA8255P), - (SA8295P), - (SM8550P), - (WCD9340), - (WCD9375), - (WCD9385), - (WCN3980), - (WCN3988), - (FastConnect 6200), - (Flight RB5 5G Platform), - (QCA6391), - (QCM4325), - (QCS7230), - (QCS8250), - (QDU1000), - (QDU1010), - (QDU1110), - (QDU1210), - (QDX1010), - (QDX1011), - (QRB5165N), - (QRU1032), - (QRU1052), - (QRU1062), - (Robotics RB5 Platform), - (SG4150P), - (SG8275P), - (SW5100), - (SW5100P)
Possible Mitigations
Follow the vendor recommendations:
For Qualcomm Technologies, Inc. products:
https://docs.qualcomm.com/product/publicresources/securitybulletin/january-2024-bulletin.html
https://git.codelinaro.org/clo/la/kernel/msm-5.15/-/commit/b1f71f187b5fee55fba5ca529facc3ac13d9f4af
For Android:
https://source.android.com/docs/security/bulletin/2024-01-01?hl=ru
Reference
https://docs.qualcomm.com/product/publicresources/securitybulletin/january-2024-bulletin.html
https://source.android.com/docs/security/bulletin/2024-01-01?hl=ru
CWE
CWE-416
{
"CVSS 2.0": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS 3.0": "AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Qualcomm Technologies Inc.",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "- (WCD9380), - (WSA8830), - (WSA8835), - (AR8035), - (Snapdragon W5+ Gen 1 Wearable Platform), - (Snapdragon 4 Gen 1 Mobile Platform), - (Snapdragon 480 5G Mobile Platform), - (Snapdragon 480+ 5G Mobile Platform (SM4350-AC)), - (Snapdragon 680 4G Mobile Platform), - (Snapdragon 685 4G Mobile Platform (SM6225-AD)), - (Snapdragon 695 5G Mobile Platform), - (Qualcomm\u00ae Video Collaboration VC3 Platform), - (Snapdragon 8 Gen 2 Mobile Platform), - (Snapdragon 8+ Gen 2 Mobile Platform), - (Snapdragon X75 5G Modem-RF System), - (QCA6574), - (QCA6574A), - (QCA6574AU), - (Qualcomm\u00ae Video Collaboration VC5 Platform), - (FastConnect 6700), - (FastConnect 6900), - (FastConnect 7800), - (WCD9370), - (WCD9390), - (WCD9395), - (WCN3950), - (WSA8810), - (WSA8815), - (WSA8840), - (WSA8845), - (WSA8845H), - (QAM8255P), - (QAM8295P), - (QAM8650P), - (QAM8775P), - (QCA6595), - (QCA6595AU), - (QCA6696), - (QCA6698AQ), - (QCA6797AQ), - (QCA8081), - (QCA8337), - (QCC710), - (QCM6490), - (QCM8550), - (QCN6224), - (QCN6274), - (QCS6490), - (QCS8550), - (QFW7114), - (QFW7124), - (SA6155P), - (SA8155P), - (SA8195P), - (SA8255P), - (SA8295P), - (SM8550P), - (WCD9340), - (WCD9375), - (WCD9385), - (WCN3980), - (WCN3988), - (FastConnect 6200), - (Flight RB5 5G Platform), - (QCA6391), - (QCM4325), - (QCS7230), - (QCS8250), - (QDU1000), - (QDU1010), - (QDU1110), - (QDU1210), - (QDX1010), - (QDX1011), - (QRB5165N), - (QRU1032), - (QRU1052), - (QRU1062), - (Robotics RB5 Platform), - (SG4150P), - (SG8275P), - (SW5100), - (SW5100P)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Qualcomm Technologies, Inc.:\nhttps://docs.qualcomm.com/product/publicresources/securitybulletin/january-2024-bulletin.html\nhttps://git.codelinaro.org/clo/la/kernel/msm-5.15/-/commit/b1f71f187b5fee55fba5ca529facc3ac13d9f4af\n\n\u0414\u043b\u044f Android\nhttps://source.android.com/docs/security/bulletin/2024-01-01?hl=ru",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "02.10.2023",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "31.05.2024",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "31.05.2024",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2024-04263",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2023-43514",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "WCD9380, WSA8830, WSA8835, AR8035, Snapdragon W5+ Gen 1 Wearable Platform, Snapdragon 4 Gen 1 Mobile Platform, Snapdragon 480 5G Mobile Platform, Snapdragon 480+ 5G Mobile Platform (SM4350-AC), Snapdragon 680 4G Mobile Platform, Snapdragon 685 4G Mobile Platform (SM6225-AD), Snapdragon 695 5G Mobile Platform, Qualcomm\u00ae Video Collaboration VC3 Platform, Snapdragon 8 Gen 2 Mobile Platform, Snapdragon 8+ Gen 2 Mobile Platform, Snapdragon X75 5G Modem-RF System, QCA6574, QCA6574A, QCA6574AU, Qualcomm\u00ae Video Collaboration VC5 Platform, FastConnect 6700, FastConnect 6900, FastConnect 7800, WCD9370, WCD9390, WCD9395, WCN3950, WSA8810, WSA8815, WSA8840, WSA8845, WSA8845H, QAM8255P, QAM8295P, QAM8650P, QAM8775P, QCA6595, QCA6595AU, QCA6696, QCA6698AQ, QCA6797AQ, QCA8081, QCA8337, QCC710, QCM6490, QCM8550, QCN6224, QCN6274, QCS6490, QCS8550, QFW7114, QFW7124, SA6155P, SA8155P, SA8195P, SA8255P, SA8295P, SM8550P, WCD9340, WCD9375, WCD9385, WCN3980, WCN3988, FastConnect 6200, Flight RB5 5G Platform, QCA6391, QCM4325, QCS7230, QCS8250, QDU1000, QDU1010, QDU1110, QDU1210, QDX1010, QDX1011, QRB5165N, QRU1032, QRU1052, QRU1062, Robotics RB5 Platform, SG4150P, SG8275P, SW5100, SW5100P",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Google Inc Android - ",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 fastrpc_internal_mem_unmap() \u0441\u043b\u0443\u0436\u0431\u044b DSP \u043c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0432\u0441\u0442\u0440\u0430\u0438\u0432\u0430\u0435\u043c\u044b\u0445 \u043f\u043b\u0430\u0442 Qualcomm, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u043f\u043e\u0441\u043b\u0435 \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u044f (CWE-416)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 fastrpc_internal_mem_unmap() \u0441\u043b\u0443\u0436\u0431\u044b DSP \u043c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0432\u0441\u0442\u0440\u0430\u0438\u0432\u0430\u0435\u043c\u044b\u0445 \u043f\u043b\u0430\u0442 Qualcomm \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u043f\u0430\u043c\u044f\u0442\u0438 \u043f\u043e\u0441\u043b\u0435 \u0435\u0435 \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u044f. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://docs.qualcomm.com/product/publicresources/securitybulletin/january-2024-bulletin.html\nhttps://source.android.com/docs/security/bulletin/2024-01-01?hl=ru",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0439 \u043a\u043e\u0434, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-416",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,2)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,4)"
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.