PT-2019-11885 · Qualcomm · Qualcomm Snapdragon Auto+20

Published

2019-09-30

·

Updated

2021-07-21

·

CVE-2019-10492

CVSS v2.0

7.2

High

VectorAV:L/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions Qualcomm Snapdragon Auto versions (affected versions not specified) Qualcomm Snapdragon Mobile versions (affected versions not specified) Qualcomm Snapdragon Wearables versions (affected versions not specified) MDM9607 (affected versions not specified) MSM8909W (affected versions not specified) Qualcomm 215 (affected versions not specified) SD 210/SD 212/SD 205 (affected versions not specified) SD 425 (affected versions not specified) SD 427 (affected versions not specified) SD 430 (affected versions not specified) SD 435 (affected versions not specified) SD 439 / SD 429 (affected versions not specified) SD 450 (affected versions not specified) SD 625 (affected versions not specified) SD 632 (affected versions not specified) SD 820 (affected versions not specified) SD 820A (affected versions not specified) SDM439 (affected versions not specified)
Description The boot image is not being verified by Android Verified Boot (AVB) in various Qualcomm Snapdragon products. This issue affects multiple Qualcomm Snapdragon platforms, including Auto, Mobile, and Wearables, across several chipsets.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Insufficient Verification of Data Authenticity

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-345

Related Identifiers

CVE-2019-10492

Affected Products

Mdm9607
Msm8909W
Qualcomm 215
Qualcomm Snapdragon Auto
Qualcomm Snapdragon Mobile
Qualcomm Snapdragon Wearables
Sd 205
Sd 210
Sd 212
Sd 425
Sd 427
Sd 429
Sd 430
Sd 435
Sd 439
Sd 450
Sd 625
Sd 632
Sd 820
Sd 820A
Sdm439