CVE-2024-23381
📋 TL;DR
This vulnerability involves memory corruption when GPU SMMU fails to unmap memory mapped in a Vertex Buffer Object (VBO), potentially allowing attackers to execute arbitrary code or cause denial of service. It affects devices with Qualcomm GPUs that use the vulnerable SMMU implementation. This primarily impacts mobile devices, IoT devices, and embedded systems using affected Qualcomm chipsets.
💻 Affected Systems
- Qualcomm Adreno GPU-based devices
- Smartphones with Qualcomm Snapdragon processors
- IoT devices with Qualcomm chipsets
- Embedded systems using Qualcomm GPUs
📦 What is this software?
- Snapdragon 4 Gen 1 Mobile Platform Firmware by Qualcomm
- Snapdragon 480 5g Mobile Platform Firmware by Qualcomm
- Snapdragon 480+ 5g Mobile Platform (sm4350 Ac) Firmware by Qualcomm
- Snapdragon 695 5g Mobile Platform Firmware by Qualcomm
- Snapdragon 8 Gen 1 Mobile Platform Firmware by Qualcomm
- Snapdragon 8 Gen 3 Mobile Platform Firmware by Qualcomm
- Snapdragon W5+ Gen 1 Wearable Platform Firmware by Qualcomm
- Video Collaboration Vc1 Platform Firmware by Qualcomm
- Video Collaboration Vc3 Platform Firmware by Qualcomm
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise allowing arbitrary code execution with kernel privileges, potentially leading to complete device takeover, data exfiltration, or persistent backdoor installation.
Likely Case
Local privilege escalation from user to kernel space, application crashes, or denial of service affecting GPU functionality and system stability.
If Mitigated
Limited impact with proper isolation and sandboxing, potentially causing only application crashes without privilege escalation.
🎯 Exploit Status
Exploitation requires detailed knowledge of GPU memory management and SMMU operations; likely requires local access and specific GPU operations to trigger.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Refer to the Qualcomm August 2024 security bulletin for specific chipset firmware updates
Vendor Advisory: https://docs.qualcomm.com/product/publicresources/securitybulletin/august-2024-bulletin.html
Restart Required: Yes
Instructions:
1. Check device manufacturer for security updates
2. Apply Qualcomm-provided firmware updates for affected chipsets
3. Update GPU drivers to patched versions
4. Reboot device after update installation
🔧 Temporary Workarounds
Restrict GPU access (all platforms)
Limit applications with GPU access to trusted sources only and implement strict sandboxing
Monitor GPU operations (Linux)
Implement monitoring for abnormal GPU memory operations and SMMU access patterns
🧯 If You Can't Patch
- Implement strict application sandboxing and privilege separation
- Monitor for abnormal GPU memory usage patterns and system crashes
🔍 How to Verify
Check if Vulnerable:
Check the device chipset against the Qualcomm August 2024 security bulletin; examine the GPU driver and firmware versions
Check Version:
For Android: 'getprop ro.boot.hardware' and 'getprop ro.build.version.security_patch'; for Linux: check the GPU driver version in the system logs
Verify Fix Applied:
Verify that the GPU firmware and driver versions match the patched versions specified in the Qualcomm advisory
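
The Android version check above, scripted for a group of devices, as an added example that is not from Qualcomm or the original page. The function names, the "serial hardware spl" inventory format and the REQUIRED_SPL placeholder date are assumptions; take the real minimum patch level from your OEM's bulletin.

```shell
#!/bin/sh
# Added example, not vendor tooling. REQUIRED_SPL is a placeholder (assumption);
# take the real minimum patch level from your OEM's bulletin.
REQUIRED_SPL="${REQUIRED_SPL:-2024-08-01}"

# valid_spl STR: succeeds only if STR has the YYYY-MM-DD shape.
valid_spl() {
    case "$1" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) return 0 ;;
    esac
    return 1
}

# spl_status DEVICE_SPL REQUIRED_SPL: prints OK, OUTDATED or UNKNOWN.
spl_status() {
    if ! valid_spl "$1" || ! valid_spl "$2"; then
        echo UNKNOWN; return 0
    fi
    # With the dashes stripped, ISO dates compare correctly as integers.
    dev=$(printf '%s' "$1" | tr -d '-')
    req=$(printf '%s' "$2" | tr -d '-')
    if [ "$dev" -ge "$req" ]; then echo OK; else echo OUTDATED; fi
}

# triage REQUIRED_SPL: reads "serial hardware spl" lines on stdin and prints
# each device not confirmed at or above the required level.
triage() {
    while read -r serial hw spl; do
        [ -n "$serial" ] || continue
        status=$(spl_status "$spl" "$1")
        [ "$status" = OK ] || echo "$serial $hw ${spl:-none} $status"
    done
}

# collect: one inventory line per attached device (requires adb on PATH).
collect() {
    adb devices | awk 'NR > 1 && $2 == "device" { print $1 }' |
    while read -r serial; do
        # </dev/null stops adb from swallowing the serial list on stdin.
        hw=$(adb -s "$serial" shell getprop ro.boot.hardware </dev/null | tr -d '\r')
        spl=$(adb -s "$serial" shell getprop ro.build.version.security_patch </dev/null | tr -d '\r')
        echo "$serial $hw $spl"
    done
}

# Constructed inventory: serials, hardware names and dates are made up.
sample_report() {
    printf 'dev-a qcom 2024-09-05\ndev-b qcom 2024-06-01\ndev-c qcom\n' | triage "$REQUIRED_SPL"
}
sample_report   # live use: collect | triage "$REQUIRED_SPL"
```

A device that passes this check still needs its GPU firmware and driver versions compared with the Qualcomm advisory, since the patch-level string alone does not identify the GPU components.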
📡 Detection & Monitoring
Log Indicators:
- GPU driver crashes
- SMMU fault errors in kernel logs
- Abnormal memory mapping/unmapping patterns
- System crashes during GPU-intensive operations
SIEM Query:
source="kernel" AND ("GPU fault" OR "SMMU error" OR "memory corruption")