CVE-2023-28576 MEDIUM

CVE-2023-28576: Time-of-check Time-of-use (TOCTOU) Race Condition in Camera Kernel Driver

Vendor Qualcomm, Inc.
Product Snapdragon
Weakness CWE-367
Published August 8, 2023
Last update August 2, 2024

CVSS base score

6.4/10
Attack vector Local
Attack complexity High
Privileges required High
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01 Description

The buffer obtained from kernel APIs such as cam_mem_get_cpu_buf() may remain readable and writable from userspace after the kernel accesses it. In other words, user mode may race the kernel and modify the packet header (e.g. header.count), invalidating checks (e.g. size checks) that kernel code has already performed. This may lead to out-of-bounds read/write issues.
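The pattern described above, reduced to a userspace simulation for review and regression testing; this is an added example, not Qualcomm driver code. The word-array layout, the function names and the `racer` callback (a deterministic stand-in for a concurrent userspace write) are assumptions; only `header.count` comes from the advisory text.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed layout (assumption): word 0 plays header.count, entries follow. */
typedef void (*writer_fn)(volatile uint32_t *shared); /* simulated userspace write */

/* Double fetch: header.count is validated, then read again from shared memory. */
static long walk_double_fetch(volatile uint32_t *shared, size_t len_words, writer_fn racer)
{
    if (len_words < 1 || shared[0] > len_words - 1) /* time of check */
        return -1;
    if (racer) racer(shared);                  /* window in which user mode may write */
    long touched = 0;
    for (uint32_t i = 0; i < shared[0]; i++) { /* time of use: second fetch */
        (void)shared[1 + i];
        touched++;
    }
    return touched;
}

/* Single fetch: copy the count once, then validate and use only the local copy. */
static long walk_snapshot(volatile uint32_t *shared, size_t len_words, writer_fn racer)
{
    if (len_words < 1)
        return -1;
    uint32_t count = shared[0];                /* the only read of the header */
    if (count > len_words - 1)
        return -1;
    if (racer) racer(shared);                  /* a later write no longer matters */
    long touched = 0;
    for (uint32_t i = 0; i < count; i++) {
        (void)shared[1 + i];
        touched++;
    }
    return touched;
}

static void bump_count(volatile uint32_t *shared) { shared[0] = 16; }

/* The declared mapping is 5 words; the backing array is larger so the simulated
 * overrun stays inside real memory. Returns entries walked, or -1 if rejected. */
static long demo(int hardened, uint32_t initial_count)
{
    static uint32_t backing[17];
    backing[0] = initial_count;
    return hardened ? walk_snapshot(backing, 5, bump_count)
                    : walk_double_fetch(backing, 5, bump_count);
}

int main(void) { return (demo(1, 4) == 4 && demo(0, 4) == 16) ? 0 : 1; }
```

When reviewing driver code for this weakness, look for any header field that is dereferenced from the shared mapping again after the check that bounded it.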

Key dates

02 Disclosure timeline

August 8, 2023 CVE published
August 2, 2024 Record updated