The purpose behind a CSRF attack is to cause a server side state change. For example, if a website like Facebook was vulnerable to CSRF, you would be able to post a message on the user's timeline by tricking the user and initiating a request from another browser tab. Note that in this case you do not need to read the response coming back from the server. As long as the server processes your request, the attack is successful. To answer your specific question Disabling CORS would not prevent CSRF attacks. There are other ways to protect against CSRF. Having CSRF prevention built in
CORS is supposed to be a safe way to perform cross domain communication between trusted origins. Exploiting a CORS mis-configuration issue is similar in nature to a CSRF attack (tricking the user into visiting an attacker controlled domain and sending cross domain requests) but the idea is to read (steal) sensitive data from the target domain.
A CORS misconfiguration may allow untrusted domains to make cross domain authenticated requests and read the data that they are not supposed to read. The most common scenario for CORS exploitation is a site which uses the origin sent in the HTTP request to populate the Access-Control-Allow-Origin response header. If you are lucky the application may also send back Access-Control-Allow-Credentials. This would allowsallow you to make authenticated cross origin requests and read the responses. There are some other examples like the Originull exploit that you should look at.
Having CSRF protection for cross origin requests does not make sense. The whole idea of CORS is to securely allow cross domain requests from a whitelist of domains. Not sure how you would implement a CSRF token in this case.
Here is some additional recommended reading:
https://portswigger.net/research/exploiting-cors-misconfigurations-for-bitcoins-and-bounties