← volver
CVE-2023-28576

Time-of-check Time-of-use (TOCTOU) Race Condition in Camera Kernel Driver

CVSS 6.4 MEDIUMEPSS 0.1%CWE-367
Vexday Risk Score
13Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 6.4EPSS 0.1%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
08 ago 2023Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
The buffer obtained from kernel APIs such as cam_mem_get_cpu_buf() may be readable/writable in userspace after kernel accesses it. In other words, user mode may race and modify the packet header (e.g. header.count), causing checks (e.g. size checks) in kernel code to be invalid. This may lead to out-of-bounds read/write issues.
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Productos afectados
Qualcomm, Inc. · Snapdragon

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://www.qualcomm.com/company/product-security/bulletins/august-2023-bulletin