Skip to main content

Severity by source

NVD PRIMARY
7.0 HIGH
AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Aug 08, 2023 - 10:15 nvd
HIGH 7.0

DescriptionNVD

The buffer obtained from kernel APIs such as cam_mem_get_cpu_buf() may be readable/writable in userspace after kernel accesses it. In other words, user mode may race and modify the packet header (e.g. header.count), causing checks (e.g. size checks) in kernel code to be invalid. This may lead to out-of-bounds read/write issues.

AnalysisAI

The buffer obtained from kernel APIs such as cam_mem_get_cpu_buf() may be readable/writable in userspace after kernel accesses it. Rated high severity (CVSS 7.0).

Technical ContextAI

This vulnerability is classified under CWE-367. The buffer obtained from kernel APIs such as cam_mem_get_cpu_buf() may be readable/writable in userspace after kernel accesses it. In other words, user mode may race and modify the packet header (e.g. header.count), causing checks (e.g. size checks) in kernel code to be invalid. This may lead to out-of-bounds read/write issues. Affected products include: Qualcomm Fastconnect 6800 Firmware, Qualcomm Fastconnect 6900 Firmware, Qualcomm Fastconnect 7800 Firmware, Qualcomm Qca6391 Firmware, Qualcomm Qca6426 Firmware.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2025-21480 HIGH
8.6 Jun 03

Qualcomm GPU micronode contains a memory corruption vulnerability (CVE-2025-21480, CVSS 8.6) caused by unauthorized comm

CVE-2025-21479 HIGH
8.6 Jun 03

A second Qualcomm GPU micronode memory corruption vulnerability (CVE-2025-21479, CVSS 8.6) exists in the unauthorized co

CVE-2026-21385 HIGH POC
7.8 Mar 02

A Qualcomm chipset vulnerability (CVE-2026-21385) causes memory corruption through improper integer handling during memo

CVE-2023-22388 CRITICAL
9.8 Nov 07

Memory Corruption in Multi-mode Call Processor while processing bit mask API. Rated critical severity (CVSS 9.8), this v

CVE-2023-22385 CRITICAL
9.8 Oct 03

Memory Corruption in Data Modem while making a MO call or MT VOLTE call. Rated critical severity (CVSS 9.8), this vulner

CVE-2023-28581 CRITICAL
9.8 Sep 05

Memory corruption in WLAN Firmware while parsing receieved GTK Keys in GTK KDE. Rated critical severity (CVSS 9.8), this

CVE-2023-28562 CRITICAL
9.8 Sep 05

Memory corruption while handling payloads from remote ESL. Rated critical severity (CVSS 9.8), this vulnerability is rem

CVE-2023-21631 CRITICAL
9.8 Jul 04

Weak Configuration due to improper input validation in Modem while processing LTE security mode command message received

CVE-2023-33032 CRITICAL
9.3 Jan 02

Memory corruption in TZ Secure OS while requesting a memory allocation from TA region. Rated critical severity (CVSS 9.3

CVE-2023-33030 CRITICAL
9.3 Jan 02

Memory corruption in HLOS while running playready use-case. Rated critical severity (CVSS 9.3), this vulnerability is no

CVE-2024-38408 CRITICAL
9.1 Nov 04

Cryptographic issue when a controller receives an LMP start encryption command under unexpected conditions. Rated critic

CVE-2023-28585 HIGH
8.8 Dec 05

Memory corruption while loading an ELF segment in TEE Kernel. Rated high severity (CVSS 8.8), this vulnerability is low

Share

CVE-2023-28576 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy