PT-2019-8813 · Qualcomm · Snapdragon Wired Infrastructure/Networking+8
Publicado
2019-02-25
·
Atualizado
2019-02-28
·
CVE-2018-11864
CVSS v2.0
4.9
Média
| Vetor | AV:L/AC:L/Au:N/C:C/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Snapdragon Auto versions IPQ8074
Snapdragon Compute versions MDM9150, MDM9206, MDM9607, MDM9650, MDM9655, QCS605
Snapdragon Connectivity versions QCA8081
Snapdragon Consumer Electronics Connectivity versions SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670
Snapdragon Consumer IOT versions SDM439, SDM630, SDM660
Snapdragon Industrial IOT versions SDA660, SXR1130
Snapdragon Mobile versions MSM8996AU, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 8CX
Snapdragon Voice & Music versions Snapdragon High Med 2016
Snapdragon Wired Infrastructure and Networking versions MDM9150, MDM9206, MDM9607, MDM9650, MDM9655
Description
The issue allows bytes to be written to fuses from the Secure region, which can be read later by HLOS. This affects various Snapdragon products.
Recommendations
For Snapdragon Auto version IPQ8074, update to a version that includes a fix for this issue.
For Snapdragon Compute versions MDM9150, MDM9206, MDM9607, MDM9650, MDM9655, QCS605, apply configuration changes to restrict access to the Secure region.
For Snapdragon Connectivity version QCA8081, avoid using the vulnerable function until a patch is available.
For Snapdragon Consumer Electronics Connectivity versions SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, restrict access to the vulnerable module to minimize the risk of exploitation.
For Snapdragon Consumer IOT versions SDM439, SDM630, SDM660, consider disabling the vulnerable parameter until a fix is available.
For Snapdragon Industrial IOT versions SDA660, SXR1130, update to a version that includes a fix for this issue.
For Snapdragon Mobile versions MSM8996AU, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 8CX, apply configuration changes to restrict access to the Secure region.
For Snapdragon Voice & Music version Snapdragon High Med 2016, avoid using the vulnerable function until a patch is available.
For Snapdragon Wired Infrastructure and Networking versions MDM9150, MDM9206, MDM9607, MDM9650, MDM9655, restrict access to the vulnerable module to minimize the risk of exploitation.
Correção
RCE
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Snapdragon Auto
Snapdragon Compute
Snapdragon Connectivity
Snapdragon Consumer Electronics Connectivity
Snapdragon Consumer Iot
Snapdragon Industrial Iot
Snapdragon Mobile
Snapdragon Voice & Music
Snapdragon Wired Infrastructure/Networking