CVE-2023-43514 – Use After Free in DSP Services (3rd JAN 2024)

Preface: Is Qualcomm Snapdragon based on Arm? Based on its brand-new ARM CPU core ‘Oryon’, developed from its Nuvia acquisition, Qualcomm’s Snapdragon X Elite SoC is built on TSMC’s 4nm process node. The CPU uses ARM’s 8.7 instruction set and features 12 high-performance ‘Oryon’ cores clocked at 3.8GHz.

Background: How to call ioctl from user space? To invoke ioctl commands of a device, the user-space program would open the device first, then send the appropriate ioctl() and any necessary arguments. static int mydrvr_ioctl (struct inode *inode, struct file *filp, unsigned int cmd, unsigned long arg);

Ref: A kbase_context object is responsible for managing resources for each driver file that is opened and is unique for each file handle. In particular, the kbase_context manages different types of memory that are shared between the GPU devices and user space applications.

Ref: DSPs are optimized in two key areas compared to classic CPUs. They accelerate common DSP mathematical operations in hardware and boast specific memory architectures designed for real-time data streams. A DSP is designed for performing mathematical functions like “add”, “subtract”, “multiply” and “divide” very quickly.

Vulnerability details: Memory corruption while invoking IOCTLs calls from user space for internal mem MAP and internal mem UNMAP.

Consequence: Use After Free vulnerability in DSP Services

Official announcement: Please refer to the link for details –

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.