CVE-2023-43546
📋 TL;DR
This vulnerability allows memory corruption when invoking the HGSL IOCTL context create function in Qualcomm GPU drivers. Attackers could potentially execute arbitrary code with kernel privileges. Affected systems include devices using vulnerable Qualcomm GPU drivers.
💻 Affected Systems
- Qualcomm Adreno GPU drivers
- Devices with Qualcomm Snapdragon processors
📦 What is this software?
Snapdragon 4 Gen 1 Mobile Firmware by Qualcomm
Snapdragon 480 5g Mobile Firmware by Qualcomm
Snapdragon 680 4g Mobile Firmware by Qualcomm
Snapdragon 685 4g Mobile Firmware by Qualcomm
Snapdragon 695 5g Mobile Firmware by Qualcomm
Snapdragon 8 Gen 2 Mobile Firmware by Qualcomm
Snapdragon Auto 5g Modem Rf Firmware by Qualcomm
Snapdragon Auto 5g Modem Rf Gen 2 Firmware by Qualcomm
Snapdragon W5+ Gen 1 Wearable Firmware by Qualcomm
Snapdragon X35 5g Modem Rf Firmware by Qualcomm
Snapdragon X75 5g Modem Rf Firmware by Qualcomm
Video Collaboration Vc1 Platform Firmware by Qualcomm
Video Collaboration Vc3 Platform Firmware by Qualcomm
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise with kernel-level code execution, allowing complete control over the device, data theft, and persistence.
Likely Case
Local privilege escalation from a compromised user application to kernel privileges, enabling further system exploitation.
If Mitigated
Limited impact with proper kernel hardening, SELinux/AppArmor policies, and restricted user access to GPU devices.
🎯 Exploit Status
Requires local access and ability to interact with GPU device interface. Memory corruption vulnerabilities often lead to reliable exploitation.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check the Qualcomm March 2024 security bulletin for specific patched driver versions.
Vendor Advisory: https://www.qualcomm.com/company/product-security/bulletins/march-2024-bulletin
Restart Required: Yes
Instructions:
1. Check device manufacturer for firmware/OS updates.
2. Apply Qualcomm GPU driver updates from device vendor.
3. Reboot device after update installation.
🔧 Temporary Workarounds
Restrict GPU device access
Linux: Limit access to GPU device nodes to prevent user applications from triggering the vulnerable IOCTL.
chmod 600 /dev/kgsl-3d0
setenforce 1 (if using SELinux)
🧯 If You Can't Patch
- Implement strict application sandboxing to prevent untrusted apps from accessing GPU interfaces.
- Use kernel hardening features like SELinux/AppArmor with restrictive policies for GPU device access.
🔍 How to Verify
Check if Vulnerable:
Check GPU driver version against Qualcomm's March 2024 bulletin. Command: 'dmesg | grep -i adreno' or check /sys/class/kgsl/kgsl-3d0/version.
Check Version:
cat /sys/class/kgsl/kgsl-3d0/version 2>/dev/null || dmesg | grep -i 'adreno.*version'
Verify Fix Applied:
Verify that the updated GPU driver version matches the patched version from the Qualcomm advisory.
📡 Detection & Monitoring
Log Indicators:
- Kernel logs showing GPU driver crashes or memory corruption errors
- Suspicious IOCTL calls to GPU device nodes
Network Indicators:
- None - this is a local vulnerability
SIEM Query:
source="kernel" AND ("kgsl" OR "adreno" OR "GPU") AND ("corruption" OR "panic" OR "oops")
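The SIEM query above requires both term groups in a single event, but a kernel oops is logged across several lines, so the driver name and the fault keyword often land on different lines. The following added example (not from the advisory or from Qualcomm) compares the per-line query with a time-window correlation over constructed dmesg-style lines; the one-second window, the sample lines and the symbol name in them are assumptions.

```python
import re

# Term groups copied from the page's SIEM query (matched case-insensitively).
DRIVER_TERMS = ("kgsl", "adreno", "gpu")
FAULT_TERMS = ("corruption", "panic", "oops")
LINE_RE = re.compile(r"^\[\s*(\d+\.\d+)\]\s+(.*)$")  # "[  123.456789] message"

# Constructed sample kernel log lines; symbol names and addresses are made up.
SAMPLE = [
    "[  101.000100] kgsl kgsl-3d0: GPU initialized",
    "[  245.310000] Internal error: Oops: 96000005 [#1] PREEMPT SMP",
    "[  245.310420] pc : kgsl_example_fn+0x1c/0x80",
    "[  245.311000] Kernel panic - not syncing: Fatal exception",
    "[  900.000000] EXT4-fs error: journal corruption detected",
]

def has_term(msg, terms):
    low = msg.lower()
    return any(t in low for t in terms)

def parse(lines):
    """Yield (timestamp, message) for lines carrying a dmesg-style timestamp."""
    for raw in lines:
        m = LINE_RE.match(raw)
        if m:
            yield float(m.group(1)), m.group(2)

def per_line_hits(lines):
    """Literal form of the query: both term groups on the same line."""
    return [(ts, msg) for ts, msg in parse(lines)
            if has_term(msg, DRIVER_TERMS) and has_term(msg, FAULT_TERMS)]

def correlated_hits(lines, window=1.0):
    """Fault lines with a driver-term line within `window` seconds (assumed value)."""
    events = list(parse(lines))
    driver_ts = [ts for ts, msg in events if has_term(msg, DRIVER_TERMS)]
    return [(ts, msg) for ts, msg in events
            if has_term(msg, FAULT_TERMS)
            and any(abs(ts - d) <= window for d in driver_ts)]

if __name__ == "__main__":
    print("per-line query hits:", len(per_line_hits(SAMPLE)))
    for ts, msg in correlated_hits(SAMPLE):
        print(f"correlated GPU fault at {ts:.6f}: {msg}")
```

On the sample, the per-line form finds nothing, while the correlation flags the oops and panic lines and ignores the unrelated filesystem error.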