In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear IPQ4019, MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 615/16/SD 415, SD 800, and SD 810, the function tzbsp_pil_verify_sig() does not strictly check that the pointer to ELF and program headers and hash segment is within secure memory. It only checks that the address is not in non-secure memory. A given address range can overlap with both secure and non-secure regions - hence if such an address is passed in, it would not pass the non-secure range check, and would be considered valid by the function, even though that memory area could be modified by the non-secure side.
AI analysis not yet available
Plain-English explanation, risk summary, and remediation steps will appear here once AI analysis is complete.
No Fix Known
No patch has been released yet. Apply workarounds or mitigations where available.
| Vendor | Product | Versions | Fixed In |
|---|---|---|---|
| qualcomm | mdm9206_firmware | - | - |
| qualcomm | mdm9607_firmware | - |
Published
CVE disclosed publicly
Last Modified
Most recent update
Indexed to CVEInsight
Added to this platform
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
18
Affected Products
4
References
qualcomm / mdm9206_firmware
| - |
| qualcomm | ipq4019_firmware | - | - |
| qualcomm | mdm9635m_firmware | - | - |
| qualcomm | mdm9640_firmware | - | - |
| qualcomm | mdm9645_firmware | - | - |
| qualcomm | msm8909w_firmware | - | - |
| qualcomm | sd_210_firmware | - | - |
| qualcomm | sd_212_firmware | - | - |
| qualcomm | sd_205_firmware | - | - |
| qualcomm | sd_400_firmware | - | - |
| qualcomm | sd_410_firmware | - | - |
| qualcomm | sd_412_firmware | - | - |
| qualcomm | sd_615_firmware | - | - |
| qualcomm | sd_616_firmware | - | - |
| qualcomm | sd_415_firmware | - | - |
| qualcomm | sd_800_firmware | - | - |
| qualcomm | sd_810_firmware | - | - |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability
Impact