Intel i915 GPU: LPAC enables outofbound register access
CVE-2024-23351 Published on May 6, 2024
Improper Access Control in Graphics Linux
Memory corruption as GPU registers beyond the last protected range can be accessed through LPAC submissions.
Vulnerability Analysis
CVE-2024-23351 can be exploited with local system access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.
Attack Vector:
LOCAL
Attack Complexity:
LOW
Privileges Required:
NONE
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
HIGH
Integrity Impact:
HIGH
Availability Impact:
HIGH
Weakness Type
What is an Authorization Vulnerability?
The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
CVE-2024-23351 has been classified to as an Authorization vulnerability or weakness.
Products Associated with CVE-2024-23351
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2024-23351 are published in these products:
Affected Versions
Qualcomm, Inc. Snapdragon:- Version FastConnect 6200 is affected.
- Version FastConnect 6700 is affected.
- Version FastConnect 6900 is affected.
- Version FastConnect 7800 is affected.
- Version Flight RB5 5G Platform is affected.
- Version QAM8255P is affected.
- Version QAM8295P is affected.
- Version QAM8650P is affected.
- Version QAM8775P is affected.
- Version QAMSRV1H is affected.
- Version QAMSRV1M is affected.
- Version QCA6391 is affected.
- Version QCA6574 is affected.
- Version QCA6574A is affected.
- Version QCA6574AU is affected.
- Version QCA6595 is affected.
- Version QCA6595AU is affected.
- Version QCA6678AQ is affected.
- Version QCA6696 is affected.
- Version QCA6698AQ is affected.
- Version QCA6797AQ is affected.
- Version QCM4325 is affected.
- Version QCM4490 is affected.
- Version QCM5430 is affected.
- Version QCM6125 is affected.
- Version QCM6490 is affected.
- Version QCM8550 is affected.
- Version QCS4490 is affected.
- Version QCS5430 is affected.
- Version QCS6125 is affected.
- Version QCS6490 is affected.
- Version QCS7230 is affected.
- Version QCS8250 is affected.
- Version QCS8550 is affected.
- Version QRB5165N is affected.
- Version Qualcomm Video Collaboration VC1 Platform is affected.
- Version Qualcomm Video Collaboration VC3 Platform is affected.
- Version Qualcomm Video Collaboration VC5 Platform is affected.
- Version Robotics RB5 Platform is affected.
- Version SA6155P is affected.
- Version SA7255P is affected.
- Version SA8155P is affected.
- Version SA8195P is affected.
- Version SA8255P is affected.
- Version SA8295P is affected.
- Version SA8620P is affected.
- Version SA8650P is affected.
- Version SA8770P is affected.
- Version SA8775P is affected.
- Version SA9000P is affected.
- Version SD 8 Gen1 5G is affected.
- Version SG4150P is affected.
- Version SG8275P is affected.
- Version SM8550P is affected.
- Version Snapdragon 4 Gen 1 Mobile Platform is affected.
- Version Snapdragon 4 Gen 2 Mobile Platform is affected.
- Version Snapdragon 480 5G Mobile Platform is affected.
- Version Snapdragon 480+ 5G Mobile Platform (SM4350-AC) is affected.
- Version Snapdragon 680 4G Mobile Platform is affected.
- Version Snapdragon 685 4G Mobile Platform (SM6225-AD) is affected.
- Version Snapdragon 695 5G Mobile Platform is affected.
- Version Snapdragon 8 Gen 1 Mobile Platform is affected.
- Version Snapdragon 8 Gen 2 Mobile Platform is affected.
- Version Snapdragon 8 Gen 3 Mobile Platform is affected.
- Version Snapdragon 8+ Gen 1 Mobile Platform is affected.
- Version Snapdragon 8+ Gen 2 Mobile Platform is affected.
- Version Snapdragon AR2 Gen 1 Platform is affected.
- Version Snapdragon W5+ Gen 1 Wearable Platform is affected.
- Version SRV1H is affected.
- Version SRV1M is affected.
- Version SSG2115P is affected.
- Version SSG2125P is affected.
- Version SW5100 is affected.
- Version SW5100P is affected.
- Version SXR1230P is affected.
- Version SXR2230P is affected.
- Version SXR2250P is affected.
- Version TalynPlus is affected.
- Version WCD9370 is affected.
- Version WCD9375 is affected.
- Version WCD9380 is affected.
- Version WCD9385 is affected.
- Version WCD9390 is affected.
- Version WCD9395 is affected.
- Version WCN3950 is affected.
- Version WCN3980 is affected.
- Version WCN3988 is affected.
- Version WSA8810 is affected.
- Version WSA8815 is affected.
- Version WSA8830 is affected.
- Version WSA8832 is affected.
- Version WSA8835 is affected.
- Version WSA8840 is affected.
- Version WSA8845 is affected.
- Version WSA8845H is affected.
- Version - is affected.
- Version - is affected.
- Version - is affected.
- Version - is affected.
- Version - is affected.
- Version - is affected.
- Version - is affected.
- Version - is affected.
- Version - is affected.
- Version - is affected.
- Version - is affected.
- Version - is affected.
- Version - is affected.
- Version - is affected.
- Version - is affected.
- Version - is affected.
- Version - is affected.
- Version - is affected.
- Version - is affected.
- Version - is affected.
- Version - is affected.
- Version - is affected.
- Version - is affected.
- Version - is affected.
- Version - is affected.
- Version - is affected.
- Version - is affected.
- Version - is affected.
- Version - is affected.
- Version - is affected.
- Version - is affected.
- Version - is affected.
- Version - is affected.
- Version - is affected.
- Version - is affected.
- Version - is affected.
- Version - is affected.
- Version - is affected.
- Version - is affected.
- Version - is affected.
Exploit Probability
EPSS
0.08%
Percentile
24.17%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.