Bugzilla – Bug 1212971
VUL-0: CVE-2023-22387: kernel: arbitrary memory overwrite in VM during TX in Qualcomm IPC
Last modified: 2024-05-02 14:53:01 UTC
CVE-2023-22387 Arbitrary memory overwrite when VM gets compromised in TX write leading to Memory Corruption. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22387 https://www.cve.org/CVERecord?id=CVE-2023-22387 https://www.qualcomm.com/company/product-security/bulletins/july-2023-bulletin
The fixes listed in the Qualcomm advisory are the following: https://git.codelinaro.org/clo/la/kernel/msm-5.10/-/commit/32d9c3a2f2b6a4d1fc48d6871194f3faf3184e8b https://git.codelinaro.org/clo/la/kernel/msm-4.14/-/commit/b72d8ee2a07cca1a6cfc767b3f4ddc13eb98921c https://git.codelinaro.org/clo/la/kernel/msm-5.4/-/commit/ef5cf9b985287d218edc24ba2276f2c7f48b4561 https://git.codelinaro.org/clo/la/kernel/msm-4.9/-/commit/ca542764e0dd73b5ddc2b2a23401b2b1168c90e2 We do not have these files in our code, but we have the Qualcomm Glink SMEM driver (drivers/rpmsg/qcom_glink_smem.c) and its code looks awfully similar. Could you take a look?
Hmm. Sure we could, but then: do we actually have customers with this chip? I'd rather file an ECO to get it disabled, as this particular chip is just found in Qualcomm Snapdragon, which to my knowledge it just found in mobile devices.
We cant find any sufficient relevant information, so we cannot work on this bug. None seems forthcoming. Closing for now.