About Qualcomm CVE-2024-43048 – Stack-based Buffer Overflow in Performance (5 Dec 2024)

Preface: Primitive types such as `int`, `double`, `char`, and `boolean` are stored directly in stack memory. Each time you declare a primitive variable, the JVM allocates a specific size of memory for it.

Background: The get_gpu_headroom() API returns the available average/minimum GPU headroom, as a percentage, for the last ‘duration’ seconds. Applications use it to get feedback on the historical application rendering workload to know if the workload is GPU bound on the SoC. The purpose of this API is to help provide GPU performance information for the application content and help drive the workload, and other APIs, to ensure smooth and sustained UX performance (minimize frame drops, reduce UI sluggishness). The application can monitor thermal status. If the mobile device is approaching thermal limits, it can further check whether the workload is GPU bound to decide whether reducing the GPU load helps to reduce thermal status (<= LIGHT) and hence improve sustained performance.

Vulnerability details: Memory corruption when invalid input is passed to invoke GPU Headroom API call.

Remark: A stack-based buffer overflow is a condition where the buffer being overwritten is allocated on the stack.
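The page does not show the affected code, so the following is an added example of the bug class only, not Qualcomm's implementation: a caller-supplied duration bounding writes into a fixed-size stack array, beside a form that validates its arguments first. The function names, `MAX_WINDOW_SEC`, `ERR_INVALID`, the selector values and the sample history are all assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define MAX_WINDOW_SEC 16u  /* assumed size of the on-stack sample window */
#define ERR_INVALID    (-1) /* hypothetical error code */
enum { HEADROOM_AVG = 0, HEADROOM_MIN = 1 };  /* hypothetical selectors */

/* Constructed history: one GPU headroom percentage per second, oldest first. */
static const uint8_t history[MAX_WINDOW_SEC] = {
    80, 75, 70, 60, 55, 50, 45, 40, 35, 30, 42, 48, 52, 58, 64, 70
};

/* Average or minimum of n samples; shared by both variants below. */
static int summarize(const uint8_t *w, uint32_t n, int type)
{
    uint32_t sum = 0, min = 100;
    for (uint32_t i = 0; i < n; i++) {
        sum += w[i];
        if (w[i] < min) min = w[i];
    }
    return type == HEADROOM_MIN ? (int)min : (int)(sum / n);
}

/* Unsafe pattern: the caller-supplied duration bounds the writes into a
 * fixed-size stack array, so duration > MAX_WINDOW_SEC writes past it
 * (and duration == 0 divides by zero in summarize). */
int headroom_unchecked(int type, uint32_t duration)
{
    uint8_t window[MAX_WINDOW_SEC];
    for (uint32_t i = 0; i < duration; i++)
        window[i] = history[MAX_WINDOW_SEC - 1 - (i % MAX_WINDOW_SEC)];
    return summarize(window, duration, type);
}

/* Hardened form: reject out-of-range arguments before touching the buffer. */
int headroom_checked(int type, uint32_t duration)
{
    uint8_t window[MAX_WINDOW_SEC];
    if ((type != HEADROOM_AVG && type != HEADROOM_MIN) ||
        duration == 0 || duration > MAX_WINDOW_SEC)
        return ERR_INVALID;
    for (uint32_t i = 0; i < duration; i++)
        window[i] = history[MAX_WINDOW_SEC - 1 - i];  /* newest sample first */
    return summarize(window, duration, type);
}

int main(void)
{
    printf("avg over last 4 s: %d\n", headroom_checked(HEADROOM_AVG, 4));
    printf("duration 17: %d\n", headroom_checked(HEADROOM_AVG, 17));
    return 0;
}
```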

Official announcement: Please see the link below for details –

https://nvd.nist.gov/vuln/detail/CVE-2024-43048
