Preface: Is Qualcomm Snapdragon based on Arm? Based on its brand-new ARM CPU core ‘Oryon’, developed from its Nuvia acquisition, Qualcomm’s Snapdragon X Elite SoC is built on TSMC’s 4nm process node. The CPU uses ARM’s 8.7 instruction set and features 12 high-performance ‘Oryon’ cores clocked at 3.8GHz.

Background: How to call ioctl from user space? To invoke ioctl commands of a device, the user-space program would open the device first, then send the appropriate ioctl() and any necessary arguments. static int mydrvr_ioctl (struct inode *inode, struct file *filp, unsigned int cmd, unsigned long arg);

Ref: A kbase_context object is responsible for managing resources for each driver file that is opened and is unique for each file handle. In particular, the kbase_context manages different types of memory that are shared between the GPU devices and user space applications.

Ref: DSPs are optimized in two key areas compared to classic CPUs. They accelerate common DSP mathematical operations in hardware and boast specific memory architectures designed for real-time data streams. A DSP is designed for performing mathematical functions like “add”, “subtract”, “multiply” and “divide” very quickly.

Vulnerability details: Memory corruption while invoking IOCTLs calls from user space for internal mem MAP and internal mem UNMAP.

Consequence: Use After Free vulnerability in DSP Services

Official announcement: Please refer to the link for details – https://docs.qualcomm.com/product/publicresources/securitybulletin/january-2024-bulletin.html