The buffer obtained from kernel APIs such as cam_mem_get_cpu_buf() may be readable/writable in userspace after kernel accesses it. In other words, user mode may race and modify the packet header (e.g. header.count), causing checks (e.g. size checks) in kernel code to be invalid. This may lead to out-of-bounds read/write issues.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
qualcomm fastconnect 6800 firmware - |
||
qualcomm fastconnect 6900 firmware - |
||
qualcomm fastconnect 7800 firmware - |
||
qualcomm qca6391 firmware - |
||
qualcomm qca6426 firmware - |
||
qualcomm qca6436 firmware - |
||
qualcomm qcn9074 firmware - |
||
qualcomm qcs410 firmware - |
||
qualcomm qcs610 firmware - |
||
qualcomm sd865 5g firmware - |
||
qualcomm snapdragon 8 gen 1 firmware - |
||
qualcomm snapdragon 865 5g firmware - |
||
qualcomm snapdragon 865+ 5g firmware - |
||
qualcomm snapdragon 870 5g firmware - |
||
qualcomm snapdragon x55 5g firmware - |
||
qualcomm snapdragon xr2 5g firmware - |
||
qualcomm sw5100 firmware - |
||
qualcomm sw5100p firmware - |
||
qualcomm sxr2130 firmware - |
||
qualcomm wcd9341 firmware - |
||
qualcomm wcd9370 firmware - |
||
qualcomm wcd9380 firmware - |
||
qualcomm wcn3660b firmware - |
||
qualcomm wcn3680b firmware - |
||
qualcomm wcn3950 firmware - |
||
qualcomm wcn3980 firmware - |
||
qualcomm wcn3988 firmware - |
||
qualcomm wsa8810 firmware - |
||
qualcomm wsa8815 firmware - |
||
qualcomm wsa8830 firmware - |
||
qualcomm wsa8835 firmware - |
Vulmon