NAND-based EFS Access Control Vulnerability in Snapdragon Devices

NAND-based EFS Access Control Vulnerability in Snapdragon Devices

CVE-2018-11259 · LOW Severity

AV:L/AC:L/AU:N/C:P/I:P/A:N

Due to Improper Access Control of NAND-based EFS in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear, From fastboot on a NAND-based device, the EFS partition can be erased. Apps processor then has non-secure world full read/write access to the partition until the modem boots and configures the EFS partition addresses in its MPU partition.

Learn more about our Mobile App Penetration Testing.