THREATINT

We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Fathom (Privacy friendly web analytics)
Zendesk (Helpdesk and Chat)

Ok

Home | EN
Support
CVE
PUBLISHED

CVE-2023-28576

Time-of-check Time-of-use (TOCTOU) Race Condition in Camera Kernel Driver

Assignerqualcomm
Reserved2023-03-17
Published2023-08-08
Updated2024-07-08

Description

The buffer obtained from kernel APIs such as cam_mem_get_cpu_buf() may be readable/writable in userspace after kernel accesses it. In other words, user mode may race and modify the packet header (e.g. header.count), causing checks (e.g. size checks) in kernel code to be invalid. This may lead to out-of-bounds read/write issues.



MEDIUM: 6.4CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition

Product status

Default status
unaffected

FastConnect 6800
affected

FastConnect 6900
affected

FastConnect 7800
affected

QCA6391
affected

QCA6426
affected

QCA6436
affected

QCN9074
affected

QCS410
affected

QCS610
affected

SD865 5G
affected

Snapdragon 8 Gen 1 Mobile Platform
affected

Snapdragon 865 5G Mobile Platform
affected

Snapdragon 865+ 5G Mobile Platform (SM8250-AB)
affected

Snapdragon 870 5G Mobile Platform (SM8250-AC)
affected

Snapdragon X55 5G Modem-RF System
affected

Snapdragon XR2 5G Platform
affected

SW5100
affected

SW5100P
affected

SXR2130
affected

WCD9341
affected

WCD9370
affected

WCD9380
affected

WCN3660B
affected

WCN3680B
affected

WCN3950
affected

WCN3980
affected

WCN3988
affected

WSA8810
affected

WSA8815
affected

WSA8830
affected

WSA8835
affected

References

https://www.qualcomm.com/company/product-security/bulletins/august-2023-bulletin

cve.org CVE-2023-28576

nvd.nist.gov CVE-2023-28576

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2023-28576
© Copyright 2024 THREATINT. Made in Cyprus with +