Vulnerabilities > CVE-2023-28575 - Type Confusion vulnerability in Qualcomm products

047910
CVSS 7.8 - HIGH
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
local
low complexity
qualcomm
CWE-843

Summary

The cam_get_device_priv function does not check the type of handle being returned (device/session/link). This would lead to invalid type usage if a wrong handle is passed to it.

Vulnerable Configurations

Part Description Count
OS
Qualcomm
60
Hardware
Qualcomm
60