CVE-2023-28576: Time-of-check Time-of-use (TOCTOU) Race Condition in Camera Kernel Driver
First published: Tue Aug 08 2023(Updated: )
The buffer obtained from kernel APIs such as cam_mem_get_cpu_buf() may be readable/writable in userspace after kernel accesses it. In other words, user mode may race and modify the packet header (e.g. header.count), causing checks (e.g. size checks) in kernel code to be invalid. This may lead to out-of-bounds read/write issues.
Credit: product-security@qualcomm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| qualcomm fastconnect 6800 Firmware | ||
| qualcomm fastconnect 6800 | ||
| All of | ||
| qualcomm fastconnect 6900 Firmware | ||
| qualcomm fastconnect 6900 | ||
| All of | ||
| qualcomm fastconnect 7800 firmware | ||
| qualcomm fastconnect 7800 | ||
| All of | ||
| qualcomm qca6391 firmware | ||
| qualcomm qca6391 | ||
| All of | ||
| qualcomm qca6426 firmware | ||
| qualcomm qca6426 | ||
| All of | ||
| qualcomm qca6436 firmware | ||
| qualcomm qca6436 | ||
| All of | ||
| qualcomm qcn9074 firmware | ||
| qualcomm qcn9074 | ||
| All of | ||
| qualcomm qcs410 firmware | ||
| qualcomm qcs410 | ||
| All of | ||
| qualcomm qcs610 firmware | ||
| qualcomm qcs610 | ||
| All of | ||
| qualcomm sd865 5g firmware | ||
| qualcomm sd865 5g | ||
| All of | ||
| Qualcomm Snapdragon 8 Gen 1 Firmware | ||
| Qualcomm Snapdragon 8 Gen 1 Firmware | ||
| All of | ||
| Qualcomm Snapdragon 865+ Firmware | ||
| Qualcomm Snapdragon 865 | ||
| All of | ||
| qualcomm snapdragon 865\+ 5g firmware | ||
| Qualcomm Snapdragon 865 | ||
| All of | ||
| Qualcomm Snapdragon 870 Firmware | ||
| Qualcomm Snapdragon 870 | ||
| All of | ||
| Qualcomm Snapdragon X55 Firmware | ||
| Qualcomm Snapdragon X55 Firmware | ||
| All of | ||
| qualcomm snapdragon xr2 5g firmware | ||
| qualcomm snapdragon xr2 5g | ||
| All of | ||
| qualcomm sw5100 firmware | ||
| qualcomm sw5100 | ||
| All of | ||
| qualcomm sw5100p firmware | ||
| qualcomm sw5100p | ||
| All of | ||
| qualcomm SXR2130 firmware | ||
| qualcomm SXR2130 | ||
| All of | ||
| qualcomm wcd9341 firmware | ||
| qualcomm wcd9341 | ||
| All of | ||
| Qualcomm wcd9370 firmware | ||
| Qualcomm wcd9370 | ||
| All of | ||
| qualcomm wcd9380 firmware | ||
| qualcomm wcd9380 | ||
| All of | ||
| Qualcomm wcn3660b firmware | ||
| Qualcomm wcn3660b | ||
| All of | ||
| Qualcomm wcn3680b firmware | ||
| Qualcomm wcn3680b | ||
| All of | ||
| Qualcomm WCN3950 Firmware | ||
| qualcomm wcn3950 | ||
| All of | ||
| qualcomm wcn3980 firmware | ||
| Qualcomm Wcn3980 | ||
| All of | ||
| qualcomm wcn3988 firmware | ||
| Qualcomm WCN3988 | ||
| All of | ||
| qualcomm wsa8810 firmware | ||
| qualcomm wsa8810 | ||
| All of | ||
| qualcomm wsa8815 firmware | ||
| qualcomm wsa8815 | ||
| All of | ||
| qualcomm wsa8830 firmware | ||
| qualcomm wsa8830 | ||
| All of | ||
| qualcomm wsa8835 firmware | ||
| qualcomm wsa8835 | ||
| qualcomm fastconnect 6800 Firmware | ||
| qualcomm fastconnect 6800 | ||
| qualcomm fastconnect 6900 Firmware | ||
| qualcomm fastconnect 6900 | ||
| qualcomm fastconnect 7800 firmware | ||
| qualcomm fastconnect 7800 | ||
| qualcomm qca6391 firmware | ||
| qualcomm qca6391 | ||
| qualcomm qca6426 firmware | ||
| qualcomm qca6426 | ||
| qualcomm qca6436 firmware | ||
| qualcomm qca6436 | ||
| qualcomm qcn9074 firmware | ||
| qualcomm qcn9074 | ||
| qualcomm qcs410 firmware | ||
| qualcomm qcs410 | ||
| qualcomm qcs610 firmware | ||
| qualcomm qcs610 | ||
| qualcomm sd865 5g firmware | ||
| qualcomm sd865 5g | ||
| Qualcomm Snapdragon 8 Gen 1 Firmware | ||
| Qualcomm Snapdragon 8 Gen 1 Firmware | ||
| Qualcomm Snapdragon 865+ Firmware | ||
| Qualcomm Snapdragon 865 | ||
| qualcomm snapdragon 865\+ 5g firmware | ||
| Qualcomm Snapdragon 865 | ||
| Qualcomm Snapdragon 870 Firmware | ||
| Qualcomm Snapdragon 870 | ||
| Qualcomm Snapdragon X55 Firmware | ||
| Qualcomm Snapdragon X55 Firmware | ||
| qualcomm snapdragon xr2 5g firmware | ||
| qualcomm snapdragon xr2 5g | ||
| qualcomm sw5100 firmware | ||
| qualcomm sw5100 | ||
| qualcomm sw5100p firmware | ||
| qualcomm sw5100p | ||
| qualcomm SXR2130 firmware | ||
| qualcomm SXR2130 | ||
| qualcomm wcd9341 firmware | ||
| qualcomm wcd9341 | ||
| Qualcomm wcd9370 firmware | ||
| Qualcomm wcd9370 | ||
| qualcomm wcd9380 firmware | ||
| qualcomm wcd9380 | ||
| Qualcomm wcn3660b firmware | ||
| Qualcomm wcn3660b | ||
| Qualcomm wcn3680b firmware | ||
| Qualcomm wcn3680b | ||
| Qualcomm WCN3950 Firmware | ||
| qualcomm wcn3950 | ||
| qualcomm wcn3980 firmware | ||
| Qualcomm Wcn3980 | ||
| qualcomm wcn3988 firmware | ||
| Qualcomm WCN3988 | ||
| qualcomm wsa8810 firmware | ||
| qualcomm wsa8810 | ||
| qualcomm wsa8815 firmware | ||
| qualcomm wsa8815 | ||
| qualcomm wsa8830 firmware | ||
| qualcomm wsa8830 | ||
| qualcomm wsa8835 firmware | ||
| qualcomm wsa8835 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2023-28576?
CVE-2023-28576 is a vulnerability that allows user mode to race and modify the packet header in kernel code, leading to invalid checks.
Which software is affected by CVE-2023-28576?
Qualcomm Fastconnect 6800 Firmware, Qualcomm Fastconnect 6900 Firmware, Qualcomm Fastconnect 7800 Firmware, Qualcomm Qca6426 Firmware, Qualcomm Qca6436 Firmware, Qualcomm Qcn9074 Firmware, Qualcomm Qcs410 Firmware, Qualcomm Qcs610 Firmware, Qualcomm Snapdragon 8 Gen 1 Firmware, Qualcomm Snapdragon 865 5g Firmware, Qualcomm Snapdragon 865+ 5g Firmware, Qualcomm Snapdragon 870 5g Firmware, Qualcomm Snapdragon X55 5g Firmware, Qualcomm Snapdragon Xr2 5g Firmware, Qualcomm Sxr2130 Firmware, Qualcomm Wcd9341 Firmware, Qualcomm Wcd9370 Firmware, Qualcomm Wcd9380 Firmware, Qualcomm Wcn3660b Firmware, Qualcomm Wcn3680b Firmware, Qualcomm Wcn3950 Firmware, Qualcomm Wcn3980 Firmware, Qualcomm Wcn3988 Firmware, Qualcomm Wsa8810 Firmware, Qualcomm Wsa8815 Firmware, Qualcomm Wsa8830 Firmware, Qualcomm Wsa8835 Firmware are affected by CVE-2023-28576.
What is the severity of CVE-2023-28576?
CVE-2023-28576 has a severity score of 7, which is considered high.
How does CVE-2023-28576 affect user mode and kernel code?
CVE-2023-28576 allows user mode to race and modify the packet header in kernel code, leading to invalid checks.
Is there a fix available for CVE-2023-28576?
Please refer to the official advisory from Qualcomm for information on available fixes for CVE-2023-28576.
- agent/type
- agent/references
- agent/title
- agent/weakness
- agent/severity
- agent/remedy
- agent/description
- agent/first-publish-date
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/author
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/qualcomm
- canonical/qualcomm fastconnect 6800 firmware
- canonical/qualcomm fastconnect 6800
- canonical/qualcomm fastconnect 6900 firmware
- canonical/qualcomm fastconnect 6900
- canonical/qualcomm fastconnect 7800 firmware
- canonical/qualcomm fastconnect 7800
- canonical/qualcomm qca6391 firmware
- canonical/qualcomm qca6391
- canonical/qualcomm qca6426 firmware
- canonical/qualcomm qca6426
- canonical/qualcomm qca6436 firmware
- canonical/qualcomm qca6436
- canonical/qualcomm qcn9074 firmware
- canonical/qualcomm qcn9074
- canonical/qualcomm qcs410 firmware
- canonical/qualcomm qcs410
- canonical/qualcomm qcs610 firmware
- canonical/qualcomm qcs610
- canonical/qualcomm sd865 5g firmware
- canonical/qualcomm sd865 5g
- canonical/qualcomm snapdragon 8 gen 1 firmware
- canonical/qualcomm snapdragon 865+ firmware
- canonical/qualcomm snapdragon 865
- canonical/qualcomm snapdragon 865\+ 5g firmware
- canonical/qualcomm snapdragon 870 firmware
- canonical/qualcomm snapdragon 870
- canonical/qualcomm snapdragon x55 firmware
- canonical/qualcomm snapdragon xr2 5g firmware
- canonical/qualcomm snapdragon xr2 5g
- canonical/qualcomm sw5100 firmware
- canonical/qualcomm sw5100
- canonical/qualcomm sw5100p firmware
- canonical/qualcomm sw5100p
- canonical/qualcomm sxr2130 firmware
- canonical/qualcomm sxr2130
- canonical/qualcomm wcd9341 firmware
- canonical/qualcomm wcd9341
- canonical/qualcomm wcd9370 firmware
- canonical/qualcomm wcd9370
- canonical/qualcomm wcd9380 firmware
- canonical/qualcomm wcd9380
- canonical/qualcomm wcn3660b firmware
- canonical/qualcomm wcn3660b
- canonical/qualcomm wcn3680b firmware
- canonical/qualcomm wcn3680b
- canonical/qualcomm wcn3950 firmware
- canonical/qualcomm wcn3950
- canonical/qualcomm wcn3980 firmware
- canonical/qualcomm wcn3980
- canonical/qualcomm wcn3988 firmware
- canonical/qualcomm wcn3988
- canonical/qualcomm wsa8810 firmware
- canonical/qualcomm wsa8810
- canonical/qualcomm wsa8815 firmware
- canonical/qualcomm wsa8815
- canonical/qualcomm wsa8830 firmware
- canonical/qualcomm wsa8830
- canonical/qualcomm wsa8835 firmware
- canonical/qualcomm wsa8835