Bug 1212971 (CVE-2023-22387)

Summary: VUL-0: CVE-2023-22387: kernel: arbitrary memory overwrite in VM during TX in Qualcomm IPC
Product: [Novell Products] SUSE Security Incidents
Reporter: Carlos López <carlos.lopez>
Component: Incidents
Assignee: Security Team bot <security-team>
Status: RESOLVED INVALID
QA Contact: Security Team bot <security-team>
Severity: Major
Priority: P3 - Medium
CC: afaerber, chester.lin, ddavis, denis.kirjanov, hare, ivan.ivanov, jcheung, mbenes, meissner, mhocko, mkoutny, pmladek, rfrohl, security-team, stanimir.varbanov, vasant.karasulli
Version: unspecified
Flags: mhocko: needinfo? (hare)
Target Milestone: ---
Hardware: aarch64
OS: Other
URL: https://smash.suse.de/issue/371182/
Whiteboard: CVSSv3.1:SUSE:CVE-2023-22387:7.8:(AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description Carlos López 2023-07-04 07:59:34 UTC
CVE-2023-22387

Arbitrary memory overwrite when VM gets compromised in TX write leading to
Memory Corruption.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22387
https://www.cve.org/CVERecord?id=CVE-2023-22387
https://www.qualcomm.com/company/product-security/bulletins/july-2023-bulletin
Comment 1 Carlos López 2023-07-04 08:01:04 UTC
The fixes listed in the Qualcomm advisory are the following:
https://git.codelinaro.org/clo/la/kernel/msm-5.10/-/commit/32d9c3a2f2b6a4d1fc48d6871194f3faf3184e8b
https://git.codelinaro.org/clo/la/kernel/msm-4.14/-/commit/b72d8ee2a07cca1a6cfc767b3f4ddc13eb98921c
https://git.codelinaro.org/clo/la/kernel/msm-5.4/-/commit/ef5cf9b985287d218edc24ba2276f2c7f48b4561
https://git.codelinaro.org/clo/la/kernel/msm-4.9/-/commit/ca542764e0dd73b5ddc2b2a23401b2b1168c90e2

We do not have these files in our code, but we have the Qualcomm Glink SMEM driver (drivers/rpmsg/qcom_glink_smem.c) and its code looks awfully similar. Could you take a look?
Comment 4 Hannes Reinecke 2023-07-04 09:58:25 UTC
Hmm. Sure we could, but then: do we actually have customers with this chip?
I'd rather file an ECO to get it disabled, as this particular chip is just found in Qualcomm Snapdragon, which to my knowledge is just found in mobile devices.
Comment 25 Marcus Meissner 2024-04-30 08:51:29 UTC
We can't find any sufficient relevant information, so we cannot work on this bug.

None seems forthcoming.

Closing for now.