Vulnerability: Crafted Image Signature Bypass in Multiple Snapdragon Platforms

Vulnerability: Crafted Image Signature Bypass in Multiple Snapdragon Platforms

CVE-2019-2338 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Crafted image that has a valid signature from a non-QC entity can be loaded which can read/write memory that belongs to the secure world in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in MDM9205, MSM8998, QCS404, QCS605, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX24, SM6150, SM7150, SM8150, SXR1130, SXR2130

Learn more about our Industrial Pen Testing.