CVE-2023-28576 | THREATINT

Description

The buffer obtained from kernel APIs such as cam_mem_get_cpu_buf() may be readable/writable in userspace after kernel accesses it. In other words, user mode may race and modify the packet header (e.g. header.count), causing checks (e.g. size checks) in kernel code to be invalid. This may lead to out-of-bounds read/write issues.

Reserved 2023-03-17 | Published 2023-08-08 | Updated 2024-08-02 | Assigner qualcomm

MEDIUM: 6.4CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition

Product status

Default status

unaffected

FastConnect 6800

affected

FastConnect 6900

affected

FastConnect 7800

affected

QCA6391

affected

QCA6426

affected

QCA6436

affected

QCN9074

affected

QCS410

affected

QCS610

affected

SD865 5G

affected

Snapdragon 8 Gen 1 Mobile Platform

affected

Snapdragon 865 5G Mobile Platform

affected

Snapdragon 865+ 5G Mobile Platform (SM8250-AB)

affected

Snapdragon 870 5G Mobile Platform (SM8250-AC)

affected

Snapdragon X55 5G Modem-RF System

affected

Snapdragon XR2 5G Platform

affected

SW5100

affected

SW5100P

affected

SXR2130

affected

WCD9341

affected

WCD9370

affected

WCD9380

affected

WCN3660B

affected

WCN3680B

affected

WCN3950

affected

WCN3980

affected

WCN3988

affected

WSA8810

affected

WSA8815

affected

WSA8830

affected

WSA8835

affected

References

www.qualcomm.com/...-security/bulletins/august-2023-bulletin

cve.org (CVE-2023-28576)

nvd.nist.gov (CVE-2023-28576)

Download JSON