CVE-2024-23360 in Snapdragon Computeinfo

Summary

by MITRE • 06/03/2024

Memory corruption while creating a LPAC client as LPAC engine was allowed to access GPU registers.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Analysis

by VulDB Data Team • 01/10/2025

The vulnerability identified as CVE-2024-23360 represents a critical memory corruption issue within the Windows LPAC (Low Privilege Access Control) client creation process. This flaw specifically manifests when the LPAC engine is permitted to access GPU registers, creating a dangerous condition where improper memory handling can occur during client initialization. The vulnerability stems from insufficient validation mechanisms that allow the LPAC engine to directly manipulate hardware resources without proper boundary checking or memory allocation safeguards. According to CWE-121, this represents a classic stack buffer overflow scenario where the LPAC engine's access to GPU registers bypasses normal memory protection mechanisms, potentially enabling arbitrary code execution. The underlying technical flaw occurs because the system fails to properly validate or sanitize GPU register access requests during LPAC client creation, allowing malicious actors to exploit this path for privilege escalation.

The operational impact of CVE-2024-23360 is severe and multifaceted, particularly within enterprise environments where GPU acceleration is commonly utilized. Attackers can leverage this vulnerability to execute arbitrary code with elevated privileges, potentially compromising the entire system or network infrastructure. The vulnerability specifically targets the Windows operating system's security model, particularly affecting systems that utilize LPAC for controlling access to sensitive resources while also managing GPU operations. This creates a dangerous scenario where an attacker with limited privileges could potentially gain full system control through GPU register manipulation. The attack vector aligns with ATT&CK technique T1068, which involves local privilege escalation through exploitation of system vulnerabilities, and T1059, which covers execution through system commands. The vulnerability's exploitation requires minimal user interaction and can be automated, making it particularly dangerous in environments with high GPU utilization.

Mitigation strategies for CVE-2024-23360 should focus on immediate patch deployment from Microsoft, as the vulnerability directly affects core Windows security components. Organizations must implement network segmentation to limit GPU access where possible and disable unnecessary LPAC functionality on systems that do not require it. System administrators should monitor for unusual GPU register access patterns and implement enhanced logging for LPAC client creation events. The recommended approach includes applying the latest Windows updates, configuring appropriate access controls for GPU resources, and implementing runtime protection mechanisms such as Windows Defender Application Control to prevent unauthorized code execution. Additionally, organizations should consider disabling LPAC functionality entirely if it is not critical to their operations, as this removes the attack surface entirely. Security monitoring should specifically target abnormal memory access patterns and unauthorized GPU register modifications, as these activities often precede successful exploitation attempts. The vulnerability demonstrates the importance of proper memory management in kernel-level components and highlights the need for comprehensive security testing of hardware interaction pathways within operating systems.

Responsible

Qualcomm, Inc.

Reservation

01/16/2024

Disclosure

06/03/2024

Moderation

accepted

CPE

ready

EPSS

0.00091

KEV

no

Activities

very low

Sources

Interested in the pricing of exploits?

See the underground prices here!