CVE-2023-28576
Time-of-check Time-of-use (TOCTOU) Race Condition in Camera Kernel Driver
Severity Score
7.0
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track
*SSVC
Descriptions
The buffer obtained from kernel APIs such as cam_mem_get_cpu_buf() may be readable/writable in userspace after kernel accesses it. In other words, user mode may race and modify the packet header (e.g. header.count), causing checks (e.g. size checks) in kernel code to be invalid. This may lead to out-of-bounds read/write issues.
El buffer obtenido de APIs del kernel como cam_mem_get_cpu_buf() puede ser legible/escribible en espacio de usuario después de que el kernel acceda a él. En otras palabras, el modo de usuario puede competir y modificar la cabecera del paquete (por ejemplo, header.count), haciendo que las comprobaciones (por ejemplo, las comprobaciones de tamaño) en el código del núcleo no sean válidas. Esto puede llevar a problemas de lectura/escritura fuera de límites.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-03-17 CVE Reserved
- 2023-08-08 CVE Published
- 2023-08-09 EPSS Updated
- 2024-08-02 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.qualcomm.com/company/product-security/bulletins/august-2023-bulletin | 2024-04-12 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Qualcomm Search vendor "Qualcomm" | Fastconnect 6800 Firmware Search vendor "Qualcomm" for product "Fastconnect 6800 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Fastconnect 6800 Search vendor "Qualcomm" for product "Fastconnect 6800" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Fastconnect 6900 Firmware Search vendor "Qualcomm" for product "Fastconnect 6900 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Fastconnect 6900 Search vendor "Qualcomm" for product "Fastconnect 6900" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Fastconnect 7800 Firmware Search vendor "Qualcomm" for product "Fastconnect 7800 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Fastconnect 7800 Search vendor "Qualcomm" for product "Fastconnect 7800" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Qca6391 Firmware Search vendor "Qualcomm" for product "Qca6391 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Qca6391 Search vendor "Qualcomm" for product "Qca6391" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Qca6426 Firmware Search vendor "Qualcomm" for product "Qca6426 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Qca6426 Search vendor "Qualcomm" for product "Qca6426" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Qca6436 Firmware Search vendor "Qualcomm" for product "Qca6436 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Qca6436 Search vendor "Qualcomm" for product "Qca6436" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Qcn9074 Firmware Search vendor "Qualcomm" for product "Qcn9074 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Qcn9074 Search vendor "Qualcomm" for product "Qcn9074" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Qcs410 Firmware Search vendor "Qualcomm" for product "Qcs410 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Qcs410 Search vendor "Qualcomm" for product "Qcs410" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Qcs610 Firmware Search vendor "Qualcomm" for product "Qcs610 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Qcs610 Search vendor "Qualcomm" for product "Qcs610" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Sd865 5g Firmware Search vendor "Qualcomm" for product "Sd865 5g Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Sd865 5g Search vendor "Qualcomm" for product "Sd865 5g" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Snapdragon 8 Gen 1 Firmware Search vendor "Qualcomm" for product "Snapdragon 8 Gen 1 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Snapdragon 8 Gen 1 Search vendor "Qualcomm" for product "Snapdragon 8 Gen 1" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Snapdragon 865 5g Firmware Search vendor "Qualcomm" for product "Snapdragon 865 5g Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Snapdragon 865 5g Search vendor "Qualcomm" for product "Snapdragon 865 5g" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Snapdragon 865\+ 5g Firmware Search vendor "Qualcomm" for product "Snapdragon 865\+ 5g Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Snapdragon 865\+ 5g Search vendor "Qualcomm" for product "Snapdragon 865\+ 5g" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Snapdragon 870 5g Firmware Search vendor "Qualcomm" for product "Snapdragon 870 5g Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Snapdragon 870 5g Search vendor "Qualcomm" for product "Snapdragon 870 5g" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Snapdragon X55 5g Firmware Search vendor "Qualcomm" for product "Snapdragon X55 5g Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Snapdragon X55 5g Search vendor "Qualcomm" for product "Snapdragon X55 5g" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Snapdragon Xr2 5g Firmware Search vendor "Qualcomm" for product "Snapdragon Xr2 5g Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Snapdragon Xr2 5g Search vendor "Qualcomm" for product "Snapdragon Xr2 5g" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Sw5100 Firmware Search vendor "Qualcomm" for product "Sw5100 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Sw5100 Search vendor "Qualcomm" for product "Sw5100" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Sw5100p Firmware Search vendor "Qualcomm" for product "Sw5100p Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Sw5100p Search vendor "Qualcomm" for product "Sw5100p" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Sxr2130 Firmware Search vendor "Qualcomm" for product "Sxr2130 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Sxr2130 Search vendor "Qualcomm" for product "Sxr2130" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Wcd9341 Firmware Search vendor "Qualcomm" for product "Wcd9341 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Wcd9341 Search vendor "Qualcomm" for product "Wcd9341" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Wcd9370 Firmware Search vendor "Qualcomm" for product "Wcd9370 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Wcd9370 Search vendor "Qualcomm" for product "Wcd9370" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Wcd9380 Firmware Search vendor "Qualcomm" for product "Wcd9380 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Wcd9380 Search vendor "Qualcomm" for product "Wcd9380" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Wcn3660b Firmware Search vendor "Qualcomm" for product "Wcn3660b Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Wcn3660b Search vendor "Qualcomm" for product "Wcn3660b" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Wcn3680b Firmware Search vendor "Qualcomm" for product "Wcn3680b Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Wcn3680b Search vendor "Qualcomm" for product "Wcn3680b" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Wcn3950 Firmware Search vendor "Qualcomm" for product "Wcn3950 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Wcn3950 Search vendor "Qualcomm" for product "Wcn3950" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Wcn3980 Firmware Search vendor "Qualcomm" for product "Wcn3980 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Wcn3980 Search vendor "Qualcomm" for product "Wcn3980" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Wcn3988 Firmware Search vendor "Qualcomm" for product "Wcn3988 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Wcn3988 Search vendor "Qualcomm" for product "Wcn3988" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Wsa8810 Firmware Search vendor "Qualcomm" for product "Wsa8810 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Wsa8810 Search vendor "Qualcomm" for product "Wsa8810" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Wsa8815 Firmware Search vendor "Qualcomm" for product "Wsa8815 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Wsa8815 Search vendor "Qualcomm" for product "Wsa8815" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Wsa8830 Firmware Search vendor "Qualcomm" for product "Wsa8830 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Wsa8830 Search vendor "Qualcomm" for product "Wsa8830" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Wsa8835 Firmware Search vendor "Qualcomm" for product "Wsa8835 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Wsa8835 Search vendor "Qualcomm" for product "Wsa8835" | - | - |
Safe
|