XBL_SEC image authentication and other crypto related validations are accessible to a compromised OEM XBL Loader due to missing lock at XBL_SEC stage.. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in MDM9206, MDM9607, MDM9650, MDM9655, MSM8996AU, QCS404, QCS605, Qualcomm 215, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130
View Full Alert
Related Posts
CVE-2017-8252 (ipq4019_firmware, ipq8074_firmware, mdm9150_firmware, mdm9206_firmware, mdm9607_firmware, mdm9615_firmware, mdm9635m_firmware, mdm9640_firmware, mdm9650_firmware, mdm9655_firmware, msm8909w_firmware, msm8996au_firmware, qc_215_firmware, qca8081_firmware, qcs605_firmware, sd_205_firmware, sd_210_firmware, sd_212_firmware, sd_410_firmware, sd_412_firmware, sd_415_firmware, sd_425_firmware, sd_427_firmware, sd_429_firmware, sd_430_firmware, sd_435_firmware, sd_439_firmware, sd_450_firmware, sd_615_firmware, sd_616_firmware, sd_625_firmware, sd_632_firmware, sd_636_firmware, sd_650_firmware, sd_652_firmware, sd_670_firmware, sd_675_firmware, sd_710_firmware, sd_712_firmware, sd_820_firmware, sd_820a_firmware, sd_835_firmware, sd_845_firmware, sd_850_firmware, sd_855_firmware, sd_8cx_firmware, sda660_firmware, sdm439_firmware, sdm630_firmware, sdm660_firmware, sdx20_firmware, sdx24_firmware, sm7150_firmware, snapdragon_high_med_2016_firmware, sxr1130_firmware)Kernel can inject faults in computations during the execution of TrustZone leading to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon…
CVE-2019-1625 (sd-wan_firmware)A vulnerability in the CLI of Cisco SD-WAN Solution could allow an authenticated, local attacker to elevate lower-level privileges to the root user on an affected device. The vulnerability is…
CVE-2019-1626 (sd-wan_firmware)A vulnerability in the vManage web-based UI (Web UI) of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to gain elevated privileges on an affected vManage device. The…
