CVE-2023-43540
📋 TL;DR
This CVE describes a memory corruption vulnerability in Qualcomm's FM HCI driver when processing IOCTL WRITE requests. Attackers could exploit this to execute arbitrary code or cause denial of service on affected devices. The vulnerability affects devices with Qualcomm chipsets that use the vulnerable FM HCI driver.
💻 Affected Systems
- Qualcomm chipsets with FM HCI driver
📦 What is this software?
Snapdragon 7c Gen 2 Compute Firmware by Qualcomm
Snapdragon 7c+ Gen 3 Compute Firmware by Qualcomm
Snapdragon 8cx Compute Firmware by Qualcomm
Snapdragon 8cx Gen 2 5g Firmware by Qualcomm
⚠️ Risk & Real-World Impact
Worst Case
Remote code execution with kernel privileges leading to complete device compromise, data theft, or persistent backdoor installation.
Likely Case
Local privilege escalation allowing attackers to gain elevated privileges on the device, potentially leading to data access or further system compromise.
If Mitigated
Denial of service through system crash or instability if memory corruption cannot be leveraged for code execution.
🎯 Exploit Status
Exploitation requires sending crafted IOCTL requests to the FM HCI driver, which typically requires some level of local access to the device. The CWE-120 classification (Buffer Copy without Checking Size of Input) indicates a classic buffer overflow.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Patches included in March 2024 Qualcomm security bulletin
Vendor Advisory: https://www.qualcomm.com/company/product-security/bulletins/march-2024-bulletin
Restart Required: Yes
Instructions:
1. Check with the device manufacturer for security updates.
2. Apply the March 2024 or later Qualcomm security patches.
3. Update the device firmware to the latest version.
4. Reboot the device after the update.
🔧 Temporary Workarounds
Disable FM HCI driver if unused
Linux: Remove or disable the vulnerable FM HCI driver if FM radio functionality is not required
rmmod fm_hci
modprobe -r fm_hci
Restrict IOCTL access
Linux: Use SELinux or a similar MAC system to restrict access to FM HCI driver IOCTLs
setenforce 1
Configure SELinux policies to restrict fm_hci device access
🧯 If You Can't Patch
- Implement strict access controls to prevent unauthorized users from accessing device drivers
- Monitor for unusual IOCTL requests to FM HCI driver and implement intrusion detection
🔍 How to Verify
Check if Vulnerable:
Check the Qualcomm chipset and driver versions against the March 2024 security bulletin. Run: lsmod | grep fm_hci to check whether the driver is loaded.
Check Version:
getprop ro.build.version.security_patch (Android) or check /sys/class/fm_hci/version
Verify Fix Applied:
Verify device has March 2024 or later security patches installed. Check driver version after update.
📡 Detection & Monitoring
Log Indicators:
- Kernel panic logs
- Driver crash messages in dmesg
- Unusual IOCTL requests to /dev/fm_hci
Network Indicators:
- Not applicable - local driver vulnerability
SIEM Query:
source="kernel" AND ("fm_hci" OR "FM HCI") AND ("panic" OR "crash" OR "buffer overflow")
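As an added worked example (not part of this advisory and not Qualcomm's code), the POSIX shell script below automates the "How to Verify" checks and the log indicators from "Detection & Monitoring": it compares the Android security patch level against the March 2024 bulletin, checks whether the fm_hci module is loaded, and counts kernel-log lines matching the SIEM query. It assumes the page's module name fm_hci and the ro.build.version.security_patch property; the kernel-log sample inside it is constructed.

```shell
#!/bin/sh
# Added triage helper for CVE-2023-43540 (example code, not Qualcomm's).
# Automates the page's checks: fm_hci module loaded, Android security patch
# level at/after the March 2024 bulletin, and the page's log indicators in
# the kernel log. Names (fm_hci, ro.build.version.security_patch) are the
# page's; they can differ between OEM builds.

FIX_PATCH_LEVEL=20240301   # March 2024 Qualcomm security bulletin

# patched_for_cve_2023_43540 YYYY-MM-DD -> 0 patched, 1 older, 2 malformed
patched_for_cve_2023_43540() {
    case "$1" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) return 2 ;;
    esac
    level=$(printf '%s' "$1" | tr -d '-')   # 2024-03-05 -> 20240305
    [ "$level" -ge "$FIX_PATCH_LEVEL" ]
}

# fm_hci_loaded < lsmod-output : succeeds if the fm_hci module is listed
fm_hci_loaded() {
    grep -q '^fm_hci[[:space:]]'
}

# count_fm_hci_indicators < kernel-log : prints how many lines match the
# page's SIEM query (fm_hci AND panic|crash|buffer overflow)
count_fm_hci_indicators() {
    awk 'tolower($0) ~ /fm_hci|fm hci/ &&
         tolower($0) ~ /panic|crash|buffer overflow/ { n++ }
         END { print n + 0 }'
}

# Constructed kernel-log sample (not a real capture) for an offline dry run
SAMPLE_DMESG='[  12.001] fm_hci: probe ok
[ 140.532] usb 1-1: new device
[ 141.220] fm_hci: buffer overflow detected in ioctl write
[ 141.221] Kernel panic - not syncing: fm_hci fatal error'
echo "sample log: $(printf '%s\n' "$SAMPLE_DMESG" | count_fm_hci_indicators) indicator line(s)"

# Live checks, only where the tools exist (adb shell on Android, Linux host)
if command -v getprop >/dev/null 2>&1; then
    lvl=$(getprop ro.build.version.security_patch)
    if patched_for_cve_2023_43540 "$lvl"; then
        echo "patch level $lvl: at or after the March 2024 bulletin"
    else
        echo "patch level '$lvl': older than March 2024 or unreadable, treat as vulnerable"
    fi
fi
if command -v lsmod >/dev/null 2>&1 && lsmod 2>/dev/null | fm_hci_loaded; then echo "fm_hci module is loaded"; fi
if command -v dmesg >/dev/null 2>&1; then echo "dmesg: $(dmesg 2>/dev/null | count_fm_hci_indicators) indicator line(s)"; fi
```

A patch level that fails to parse is reported as return code 2 rather than silently treated as patched, so an unreadable property counts as vulnerable.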