CVE-2023-28576

EPSS 0.02%
Veröffentlicht 08.08.2023 10:15:14
Zuletzt bearbeitet 21.11.2024 07:55:34
Quelle product-security@qualcomm.com
Teams Watchlist Login
Unerledigt Login

The buffer obtained from kernel APIs such as cam_mem_get_cpu_buf() may be readable/writable in userspace after kernel accesses it. In other words, user mode may race and modify the packet header (e.g. header.count), causing checks (e.g. size checks) in kernel code to be invalid. This may lead to out-of-bounds read/write issues.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Qualcomm ≫ Fastconnect 6800 Firmware Version-

Qualcomm ≫ Fastconnect 6800 Version-

Qualcomm ≫ Fastconnect 6900 Firmware Version-

Qualcomm ≫ Fastconnect 6900 Version-

Qualcomm ≫ Fastconnect 7800 Firmware Version-

Qualcomm ≫ Fastconnect 7800 Version-

Qualcomm ≫ Qca6391 Firmware Version-

Qualcomm ≫ Qca6391 Version-

Qualcomm ≫ Qca6426 Firmware Version-

Qualcomm ≫ Qca6426 Version-

Qualcomm ≫ Qca6436 Firmware Version-

Qualcomm ≫ Qca6436 Version-

Qualcomm ≫ Qcn9074 Firmware Version-

Qualcomm ≫ Qcn9074 Version-

Qualcomm ≫ Qcs410 Firmware Version-

Qualcomm ≫ Qcs410 Version-

Qualcomm ≫ Qcs610 Firmware Version-

Qualcomm ≫ Qcs610 Version-

Qualcomm ≫ Sd865 5g Firmware Version-

Qualcomm ≫ Sd865 5g Version-

Qualcomm ≫ Snapdragon 8 Gen 1 Firmware Version-

Qualcomm ≫ Snapdragon 8 Gen 1 Version-

Qualcomm ≫ Snapdragon 865 5g Firmware Version-

Qualcomm ≫ Snapdragon 865 5g Version-

Qualcomm ≫ Snapdragon 865+ 5g Firmware Version-

Qualcomm ≫ Snapdragon 865+ 5g Version-

Qualcomm ≫ Snapdragon 870 5g Firmware Version-

Qualcomm ≫ Snapdragon 870 5g Version-

Qualcomm ≫ Snapdragon X55 5g Firmware Version-

Qualcomm ≫ Snapdragon X55 5g Version-

Qualcomm ≫ Snapdragon Xr2 5g Firmware Version-

Qualcomm ≫ Snapdragon Xr2 5g Version-

Qualcomm ≫ Sw5100 Firmware Version-

Qualcomm ≫ Sw5100 Version-

Qualcomm ≫ Sw5100p Firmware Version-

Qualcomm ≫ Sw5100p Version-

Qualcomm ≫ Sxr2130 Firmware Version-

Qualcomm ≫ Sxr2130 Version-

Qualcomm ≫ Wcd9341 Firmware Version-

Qualcomm ≫ Wcd9341 Version-

Qualcomm ≫ Wcd9370 Firmware Version-

Qualcomm ≫ Wcd9370 Version-

Qualcomm ≫ Wcd9380 Firmware Version-

Qualcomm ≫ Wcd9380 Version-

Qualcomm ≫ Wcn3660b Firmware Version-

Qualcomm ≫ Wcn3660b Version-

Qualcomm ≫ Wcn3680b Firmware Version-

Qualcomm ≫ Wcn3680b Version-

Qualcomm ≫ Wcn3950 Firmware Version-

Qualcomm ≫ Wcn3950 Version-

Qualcomm ≫ Wcn3980 Firmware Version-

Qualcomm ≫ Wcn3980 Version-

Qualcomm ≫ Wcn3988 Firmware Version-

Qualcomm ≫ Wcn3988 Version-

Qualcomm ≫ Wsa8810 Firmware Version-

Qualcomm ≫ Wsa8810 Version-

Qualcomm ≫ Wsa8815 Firmware Version-

Qualcomm ≫ Wsa8815 Version-

Qualcomm ≫ Wsa8830 Firmware Version-

Qualcomm ≫ Wsa8830 Version-

Qualcomm ≫ Wsa8835 Firmware Version-

Qualcomm ≫ Wsa8835 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.038

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7	1	5.9	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
product-security@qualcomm.com	6.4	0.5	5.9	CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition

The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check. This can cause the product to perform invalid actions when the resource is in an unexpected state.

https://www.qualcomm.com/company/product-security/bulletins/august-2023-bulletin

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-28576

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-28576

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-28576

EUVD