CVE-2023-28576
MEDIUM
Qualcomm FastConnect and Snapdragon Firmware - Time-of-check Time-of-use Race Condition
Title source: llm
Description
The buffer obtained from kernel APIs such as cam_mem_get_cpu_buf() may be readable/writable in userspace after kernel accesses it. In other words, user mode may race and modify the packet header (e.g. header.count), causing checks (e.g. size checks) in kernel code to be invalid. This may lead to out-of-bounds read/write issues.
References (1)
Core References
Patch, Vendor Advisory
https://www.qualcomm.com/company/product-security/bulletins/august-2023-bulletin
Scores
CVSS v3
6.4
EPSS
0.0003
EPSS Percentile
7.5%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-367
Status
published
Products (31)
qualcomm/fastconnect_6800_firmware
qualcomm/fastconnect_6900_firmware
qualcomm/fastconnect_7800_firmware
qualcomm/qca6391_firmware
qualcomm/qca6426_firmware
qualcomm/qca6436_firmware
qualcomm/qcn9074_firmware
qualcomm/qcs410_firmware
qualcomm/qcs610_firmware
qualcomm/sd865_5g_firmware
... and 21 more
Published
Aug 08, 2023
Tracked Since
Feb 18, 2026