CVE-2024-23354 Memory corruption when the IOCTL call is interrupted by a signal. (24May 2024)

Originally published on May 6, 2024

Preface: The Snapdragon 8 Gen 2 Mobile Platform defines a new premium standard for connected computing. Intelligently engineered with groundbreaking AI across the board, this AI marvel enables truly extraordinary experiences.

Background: A vertex buffer object (VBO) is an OpenGL feature that provides methods for uploading vertex data (position, normal vector, color, etc.) to the video device for non-immediate-mode rendering.

KGSL allocates GPU-shared memory from its own page pool. A VBO is a buffer of memory which the gpu can access. That’s all it is. A VAO is an object that stores vertex bindings. This means that when you call glVertexAttribPointer and friends to describe your vertex format that format information gets stored into the currently bound VAO.

Vulnerability details: Memory corruption when the IOCTL call is interrupted by a signal.

Remedy: The VBO bind operation is often synchronous, and needs to be waited on by the ioctl thread. Allocate the completion struct used to synchronize between the ioctl and bind operation on the heap for simplicity.

Official announcement: Please refer to the link for details – https://nvd.nist.gov/vuln/detail/CVE-2024-23354

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.