Memory Management Vulnerability in Qualcomm Snapdragon Products
CVE-2014-10052

9.8CRITICAL

Key Information:

Vendor: Qualcomm
Status: Snapdragon Mobile, Snapdragon Wear, Small Cell Soc
Vendor: CVE Published:; 18 April 2018

Summary

This vulnerability affects multiple Qualcomm Snapdragon products due to the failure to clear reserved memory within the TrustZone (TZ) subsystem after usage. The issue exists in various mobile and wearable devices, leaving sensitive data potentially accessible to unauthorized entities. Devices including Snapdragon Mobile, Snapdragon Wear, and several SoCs risk exposure due to this memory management flaw, creating avenues for attackers to exploit residual data. Proper updates and security patches are crucial to mitigate these risks and ensure device integrity.

Affected Version(s)

Snapdragon Mobile, Snapdragon Wear, Small Cell SoC FSM9055, IPQ4019, MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 600, SD 615/16/SD 415, SD 617, SD 650/52, SD 800, SD 808, SD 810, SD 835, SDX20

References

https://source.android.com/security/bulletin/2018-04-01

x_refsource_CONFIRM

http://www.securityfocus.com/bid/103671

vdb-entryx_refsource_BID

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 18, 2018
Vulnerability Reserved
Aug 16, 2017