Qualcomm Power Management IC Heap-Based Buffer Overflow Vulnerability

A heap-based buffer overflow vulnerability has been identified in the Power Management IC of various chipsets. This vulnerability arises from memory corruption when IOCTL requests are sent with invalid buffer sizes, disrupting normal memory copying operations. The issue allows for local exploitation, potentially leading to arbitrary code execution or other malicious actions.

Impact

Exploitation of this vulnerability causes memory corruption, which can be leveraged to execute arbitrary code or create a denial-of-service condition by crashing the system or application.

Remediation

Qualcomm has notified device manufacturers about this vulnerability and recommended that they deploy patches on released devices as soon as possible. For information on the patching status of specific devices, contact the device manufacturer.