In the function call related to CAM_REQ_MGR_RELEASE_BUF there is no check if the buffer is being used. So when a function called cam_mem_get_cpu_buf to get the kernel va to use, another thread can call CAM_REQ_MGR_RELEASE_BUF to unmap the kernel va which cause UAF of the kernel address.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: qualcomm

Published:

Updated: 2024-08-02T13:43:23.051Z

Reserved: 2023-03-17T11:41:45.851Z

Link: CVE-2023-28577

cve-icon Vulnrichment

Updated: 2024-07-11T20:32:05.287Z

cve-icon NVD

Status : Modified

Published: 2023-08-08T10:15:14.760

Modified: 2024-11-21T07:55:34.353

Link: CVE-2023-28577

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.