Memory Management Vulnerability in Qualcomm Snapdragon Products
CVE-2014-10052

9.8CRITICAL

Key Information:

Vendor
Qualcomm
Vendor
CVE Published:
18 April 2018

Summary

This vulnerability affects multiple Qualcomm Snapdragon products due to the failure to clear reserved memory within the TrustZone (TZ) subsystem after usage. The issue exists in various mobile and wearable devices, leaving sensitive data potentially accessible to unauthorized entities. Devices including Snapdragon Mobile, Snapdragon Wear, and several SoCs risk exposure due to this memory management flaw, creating avenues for attackers to exploit residual data. Proper updates and security patches are crucial to mitigate these risks and ensure device integrity.

Affected Version(s)

Snapdragon Mobile, Snapdragon Wear, Small Cell SoC FSM9055, IPQ4019, MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 600, SD 615/16/SD 415, SD 617, SD 650/52, SD 800, SD 808, SD 810, SD 835, SDX20

References

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.