CVE-2023-28576 (GCVE-0-2023-28576)

Vulnerability from cvelistv5 – Published: 2023-08-08 09:15 – Updated: 2024-08-02 13:43
VLAI?
Title
Time-of-check Time-of-use (TOCTOU) Race Condition in Camera Kernel Driver
Summary
The buffer obtained from kernel APIs such as cam_mem_get_cpu_buf() may be readable/writable in userspace after kernel accesses it. In other words, user mode may race and modify the packet header (e.g. header.count), causing checks (e.g. size checks) in kernel code to be invalid. This may lead to out-of-bounds read/write issues.
Severity ?
6.4 (Medium)
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE
  • CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
Assigner
References
Impacted products
Vendor Product Version
Qualcomm, Inc. Snapdragon Affected: FastConnect 6800
Affected: FastConnect 6900
Affected: FastConnect 7800
Affected: QCA6391
Affected: QCA6426
Affected: QCA6436
Affected: QCN9074
Affected: QCS410
Affected: QCS610
Affected: SD865 5G
Affected: Snapdragon 8 Gen 1 Mobile Platform
Affected: Snapdragon 865 5G Mobile Platform
Affected: Snapdragon 865+ 5G Mobile Platform (SM8250-AB)
Affected: Snapdragon 870 5G Mobile Platform (SM8250-AC)
Affected: Snapdragon X55 5G Modem-RF System
Affected: Snapdragon XR2 5G Platform
Affected: SW5100
Affected: SW5100P
Affected: SXR2130
Affected: WCD9341
Affected: WCD9370
Affected: WCD9380
Affected: WCN3660B
Affected: WCN3680B
Affected: WCN3950
Affected: WCN3980
Affected: WCN3988
Affected: WSA8810
Affected: WSA8815
Affected: WSA8830
Affected: WSA8835
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-28576",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-08T17:04:56.771674Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-08T17:05:12.003Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T13:43:22.705Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.qualcomm.com/company/product-security/bulletins/august-2023-bulletin"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Snapdragon Compute",
            "Snapdragon Consumer IOT",
            "Snapdragon Industrial IOT",
            "Snapdragon Mobile",
            "Snapdragon Wearables"
          ],
          "product": "Snapdragon",
          "vendor": "Qualcomm, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "FastConnect 6800"
            },
            {
              "status": "affected",
              "version": "FastConnect 6900"
            },
            {
              "status": "affected",
              "version": "FastConnect 7800"
            },
            {
              "status": "affected",
              "version": "QCA6391"
            },
            {
              "status": "affected",
              "version": "QCA6426"
            },
            {
              "status": "affected",
              "version": "QCA6436"
            },
            {
              "status": "affected",
              "version": "QCN9074"
            },
            {
              "status": "affected",
              "version": "QCS410"
            },
            {
              "status": "affected",
              "version": "QCS610"
            },
            {
              "status": "affected",
              "version": "SD865 5G"
            },
            {
              "status": "affected",
              "version": "Snapdragon 8 Gen 1 Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 865 5G Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 865+ 5G Mobile Platform (SM8250-AB)"
            },
            {
              "status": "affected",
              "version": "Snapdragon 870 5G Mobile Platform (SM8250-AC)"
            },
            {
              "status": "affected",
              "version": "Snapdragon X55 5G Modem-RF System"
            },
            {
              "status": "affected",
              "version": "Snapdragon XR2 5G Platform"
            },
            {
              "status": "affected",
              "version": "SW5100"
            },
            {
              "status": "affected",
              "version": "SW5100P"
            },
            {
              "status": "affected",
              "version": "SXR2130"
            },
            {
              "status": "affected",
              "version": "WCD9341"
            },
            {
              "status": "affected",
              "version": "WCD9370"
            },
            {
              "status": "affected",
              "version": "WCD9380"
            },
            {
              "status": "affected",
              "version": "WCN3660B"
            },
            {
              "status": "affected",
              "version": "WCN3680B"
            },
            {
              "status": "affected",
              "version": "WCN3950"
            },
            {
              "status": "affected",
              "version": "WCN3980"
            },
            {
              "status": "affected",
              "version": "WCN3988"
            },
            {
              "status": "affected",
              "version": "WSA8810"
            },
            {
              "status": "affected",
              "version": "WSA8815"
            },
            {
              "status": "affected",
              "version": "WSA8830"
            },
            {
              "status": "affected",
              "version": "WSA8835"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The buffer obtained from kernel APIs such as cam_mem_get_cpu_buf() may be readable/writable in userspace after kernel accesses it. In other words, user mode may race and modify the packet header (e.g. header.count), causing checks (e.g. size checks) in kernel code to be invalid. This may lead to out-of-bounds read/write issues."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-367",
              "description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-04-12T16:24:16.350Z",
        "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
        "shortName": "qualcomm"
      },
      "references": [
        {
          "url": "https://www.qualcomm.com/company/product-security/bulletins/august-2023-bulletin"
        }
      ],
      "title": "Time-of-check Time-of-use (TOCTOU) Race Condition in Camera Kernel Driver"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
    "assignerShortName": "qualcomm",
    "cveId": "CVE-2023-28576",
    "datePublished": "2023-08-08T09:15:05.943Z",
    "dateReserved": "2023-03-17T11:41:45.850Z",
    "dateUpdated": "2024-08-02T13:43:22.705Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-28576\",\"sourceIdentifier\":\"product-security@qualcomm.com\",\"published\":\"2023-08-08T10:15:14.640\",\"lastModified\":\"2024-11-21T07:55:34.137\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The buffer obtained from kernel APIs such as cam_mem_get_cpu_buf() may be readable/writable in userspace after kernel accesses it. In other words, user mode may race and modify the packet header (e.g. header.count), causing checks (e.g. size checks) in kernel code to be invalid. This may lead to out-of-bounds read/write issues.\"},{\"lang\":\"es\",\"value\":\"El buffer obtenido de APIs del kernel como cam_mem_get_cpu_buf() puede ser legible/escribible en espacio de usuario despu\u00e9s de que el kernel acceda a \u00e9l. En otras palabras, el modo de usuario puede competir y modificar la cabecera del paquete (por ejemplo, header.count), haciendo que las comprobaciones (por ejemplo, las comprobaciones de tama\u00f1o) en el c\u00f3digo del n\u00facleo no sean v\u00e1lidas. Esto puede llevar a problemas de lectura/escritura fuera de l\u00edmites.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"product-security@qualcomm.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":6.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":0.5,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.0,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.0,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"product-security@qualcomm.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-367\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-367\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:fastconnect_6800_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D89F035A-2388-48FC-AEBB-8429C6880F4A\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:fastconnect_6800:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CA13EF4E-AAE6-45F4-9E41-78310E37CE81\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:fastconnect_6900_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E670F500-9B71-4BBE-B5DA-221D35803C89\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:fastconnect_6900:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9ADEB5C5-B79A-4F45-B7D3-75945B38DB6C\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:fastconnect_7800_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B3053D68-C5D8-4D47-A4F0-9F3AF2289E1D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:fastconnect_7800:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"638DBC7F-456F-487D-BED2-2214DFF8BEE2\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:qca6391_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"83B53119-1B2F-4978-B7F5-33B84BE73B68\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:qca6391:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6FEBC0C5-CAA1-475C-96C2-B8D24B2E4536\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:qca6426_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A344E78F-D15A-460E-8EF8-7C6FC39F2D5E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:qca6426:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8FF5EC23-4884-4C2B-8E77-50B1E8E28A3D\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:qca6436_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"04F574BC-9AB2-4B83-A466-556ECEBBD3DF\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:qca6436:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A34D021D-C043-4EFD-9AB3-B2174528CBA3\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:qcn9074_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"65303C2D-C6BF-47CB-8146-E240CB8BBE42\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:qcn9074:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A6B03022-497A-4F42-BB4D-5624EA7DF1B9\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:qcs410_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DC43BB27-0516-4750-A4C2-C45298441398\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:qcs410:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"969585DE-93D6-4406-A632-D838ECD4D5AD\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:qcs610_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E634F59C-6817-4898-A141-082044E66836\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:qcs610:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"29762819-EC90-499C-A8C6-1423DE3FE6B9\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:sd865_5g_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"72433485-B229-46A6-BCA4-394AA4EEA683\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:sd865_5g:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"04D40EC4-BF31-4BFD-8D0A-8193F541AF02\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:snapdragon_8_gen_1_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"985A7570-846E-4ED8-8EF0-E529231CE0B1\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:snapdragon_8_gen_1:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2BB1B4D9-EAE6-4395-8B8A-C97F15A64DFA\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:snapdragon_865_5g_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"713B1CB7-985F-49F4-A5A7-23DFD0F4EA04\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:snapdragon_865_5g:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1D7467AE-2EC2-4D9C-9D9C-83BAE7AE48CD\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:snapdragon_865\\\\+_5g_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F15FC88-6366-4210-A949-75A3890476B2\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:snapdragon_865\\\\+_5g:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"711C5A1C-F67B-4BE2-BFE7-C86E716F85E2\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:snapdragon_870_5g_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B6D89373-04BA-4DD4-A0D0-A45AF93FA7AB\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:snapdragon_870_5g:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FE485ADB-9A68-41AE-BBA8-242AC27263DD\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:snapdragon_x55_5g_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"50081C21-0E3C-451C-B5D9-BFA6763FC92A\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:snapdragon_x55_5g:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F8D443BF-15A5-4984-972B-0BC5BEDC835B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:snapdragon_xr2_5g_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"665811D8-F648-4F32-A375-FAF9C9E928B3\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:snapdragon_xr2_5g:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2A537932-6EAD-411B-83FF-48CF050F603A\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:sw5100_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AA1BF9BB-AF11-46A7-A71C-F7D289E76E3F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:sw5100:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7B8455D6-287D-4934-8E4D-F4127A9C0449\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:sw5100p_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DB599A9F-0305-4FE4-8623-0F86630FEDCB\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:sw5100p:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EEB883BF-68B2-4C25-84DC-5DA953BFAA2F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:sxr2130_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9F9FA3B1-E4E4-4D9B-A99C-7BF958D4B993\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:sxr2130:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"95762B01-2762-45BD-8388-5DB77EA6139C\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:wcd9341_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CE852339-1CAE-4983-9757-8F00EDEF1141\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:wcd9341:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4D9E96B3-F1BB-46F8-B715-7DF90180F1E1\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:wcd9370_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1295D869-F4DD-4766-B4AA-3513752F43B4\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:wcd9370:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B98784DC-3143-4D38-AD28-DBBDCCAB4272\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:wcd9380_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"70292B01-617F-44AD-AF77-1AFC1450523D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:wcd9380:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA94C6D6-85DB-4031-AAF4-C399019AE16D\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:wcn3660b_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FB37B5DB-2493-4082-B2BF-60385B7E027C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:wcn3660b:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6BCD2FE2-11F2-4B2A-9BD7-EB26718139DA\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:wcn3680b_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0755F669-6D7E-454A-95DA-D60FA0696FD9\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:wcn3680b:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BE861CE7-B530-4698-A9BC-43A159647BF2\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:wcn3950_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3FEF2DB6-00F5-4B07-953B-EF58B31267F1\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:wcn3950:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"120E8F0F-EBEB-4565-9927-2D473F783EF7\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:wcn3980_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9C6E9038-9B18-4958-BE1E-215901C9B4B2\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:wcn3980:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B36D3274-F8D0-49C5-A6D5-95F5DC6D1950\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:wcn3988_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E4BFB25F-013B-48E3-99FF-3E8687F94423\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:wcn3988:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BF676C5B-838B-446C-A689-6A25AB8A87E2\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:wsa8810_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"15307882-7039-43E9-9BA3-035045988B99\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:wsa8810:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AA85B322-E593-4499-829A-CC6D70BAE884\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:wsa8815_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E839A0B9-64C3-4C7A-82B7-D2AAF65928F8\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:wsa8815:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7E870D82-DE3B-4199-A730-C8FB545BAA98\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:wsa8830_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"11B69595-E488-4590-A150-CE5BE08B5E13\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:wsa8830:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BF680174-5FA6-47D9-8EAB-CC2A37A7BD42\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:wsa8835_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F80BC68E-7476-4A40-9F48-53722FE9A5BF\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:wsa8835:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6B36F4B2-BAA3-45AD-9967-0EB482C99708\"}]}]}],\"references\":[{\"url\":\"https://www.qualcomm.com/company/product-security/bulletins/august-2023-bulletin\",\"source\":\"product-security@qualcomm.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://www.qualcomm.com/company/product-security/bulletins/august-2023-bulletin\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-28576\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-07-08T17:04:56.771674Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-07-08T17:05:06.582Z\"}}], \"cna\": {\"title\": \"Time-of-check Time-of-use (TOCTOU) Race Condition in Camera Kernel Driver\", \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.4, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Qualcomm, Inc.\", \"product\": \"Snapdragon\", \"versions\": [{\"status\": \"affected\", \"version\": \"FastConnect 6800\"}, {\"status\": \"affected\", \"version\": \"FastConnect 6900\"}, {\"status\": \"affected\", \"version\": \"FastConnect 7800\"}, {\"status\": \"affected\", \"version\": \"QCA6391\"}, {\"status\": \"affected\", \"version\": \"QCA6426\"}, {\"status\": \"affected\", \"version\": \"QCA6436\"}, {\"status\": \"affected\", \"version\": \"QCN9074\"}, {\"status\": \"affected\", \"version\": \"QCS410\"}, {\"status\": \"affected\", \"version\": \"QCS610\"}, {\"status\": \"affected\", \"version\": \"SD865 5G\"}, {\"status\": \"affected\", \"version\": \"Snapdragon 8 Gen 1 Mobile Platform\"}, {\"status\": \"affected\", \"version\": \"Snapdragon 865 5G Mobile Platform\"}, {\"status\": \"affected\", \"version\": \"Snapdragon 865+ 5G Mobile Platform (SM8250-AB)\"}, {\"status\": \"affected\", \"version\": \"Snapdragon 870 5G Mobile Platform (SM8250-AC)\"}, {\"status\": \"affected\", \"version\": \"Snapdragon X55 5G Modem-RF System\"}, {\"status\": \"affected\", \"version\": \"Snapdragon XR2 5G Platform\"}, {\"status\": \"affected\", \"version\": \"SW5100\"}, {\"status\": \"affected\", \"version\": \"SW5100P\"}, {\"status\": \"affected\", \"version\": \"SXR2130\"}, {\"status\": \"affected\", \"version\": \"WCD9341\"}, {\"status\": \"affected\", \"version\": \"WCD9370\"}, {\"status\": \"affected\", \"version\": \"WCD9380\"}, {\"status\": \"affected\", \"version\": \"WCN3660B\"}, {\"status\": \"affected\", \"version\": \"WCN3680B\"}, {\"status\": \"affected\", \"version\": \"WCN3950\"}, {\"status\": \"affected\", \"version\": \"WCN3980\"}, {\"status\": \"affected\", \"version\": \"WCN3988\"}, {\"status\": \"affected\", \"version\": \"WSA8810\"}, {\"status\": \"affected\", \"version\": \"WSA8815\"}, {\"status\": \"affected\", \"version\": \"WSA8830\"}, {\"status\": \"affected\", \"version\": \"WSA8835\"}], \"platforms\": [\"Snapdragon Compute\", \"Snapdragon Consumer IOT\", \"Snapdragon Industrial IOT\", \"Snapdragon Mobile\", \"Snapdragon Wearables\"], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://www.qualcomm.com/company/product-security/bulletins/august-2023-bulletin\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"The buffer obtained from kernel APIs such as cam_mem_get_cpu_buf() may be readable/writable in userspace after kernel accesses it. In other words, user mode may race and modify the packet header (e.g. header.count), causing checks (e.g. size checks) in kernel code to be invalid. This may lead to out-of-bounds read/write issues.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-367\", \"description\": \"CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition\"}]}], \"providerMetadata\": {\"orgId\": \"2cfc7d3e-20d3-47ac-8db7-1b7285aff15f\", \"shortName\": \"qualcomm\", \"dateUpdated\": \"2024-04-12T16:24:16.350Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-28576\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-07-08T17:05:12.003Z\", \"dateReserved\": \"2023-03-17T11:41:45.850Z\", \"assignerOrgId\": \"2cfc7d3e-20d3-47ac-8db7-1b7285aff15f\", \"datePublished\": \"2023-08-08T09:15:05.943Z\", \"assignerShortName\": \"qualcomm\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.