Kernel can inject faults in computations during the execution of TrustZone leading to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ8074, MDM9150, MDM9206, MDM9607, MDM9615, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, QCA8081, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24, SM7150, Snapdragon_High_Med_2016, SXR1130
Threat-Mapped Scoring
Score: 2.3
Priority: P3 - Important (Medium)
-
S6 – Espionage of Financial Trades
EPSS
Score: 0.0004
Percentile:
0.11029
CVSS Scoring
CVSS v3.0 Score: 5.5
Severity: MEDIUM
Mapped CWE(s)
-
CWE-285
: Improper Authorization
All CAPEC(s)
-
CAPEC-1: Accessing Functionality Not Properly Constrained by ACLs
-
CAPEC-104: Cross Zone Scripting
-
CAPEC-127: Directory Indexing
-
CAPEC-13: Subverting Environment Variable Values
-
CAPEC-17: Using Malicious Files
-
CAPEC-39: Manipulating Opaque Client-based Data Tokens
-
CAPEC-402: Bypassing ATA Password Security
-
CAPEC-45: Buffer Overflow via Symbolic Links
-
CAPEC-5: Blue Boxing
-
CAPEC-51: Poison Web Service Registry
-
CAPEC-59: Session Credential Falsification through Prediction
-
CAPEC-60: Reusing Session IDs (aka Session Replay)
-
CAPEC-647: Collect Data from Registries
-
CAPEC-668: Key Negotiation of Bluetooth Attack (KNOB)
-
CAPEC-76: Manipulating Web Input to File System Calls
-
CAPEC-77: Manipulating User-Controlled Variables
-
CAPEC-87: Forceful Browsing
CAPEC(s) with Mapped TTPs
-
CAPEC-1: Accessing Functionality Not Properly Constrained by ACLs
Mapped TTPs:
-
T1574.010
: Services File Permissions Weakness
-
CAPEC-127: Directory Indexing
Mapped TTPs:
-
T1083
: File and Directory Discovery
-
CAPEC-13: Subverting Environment Variable Values
Mapped TTPs:
-
T1562.003
: Impair Command History Logging
-
T1574.006
: Dynamic Linker Hijacking
-
T1574.007
: Path Interception by PATH Environment Variable
-
CAPEC-17: Using Malicious Files
Mapped TTPs:
-
T1574.005
: Executable Installer File Permissions Weakness
-
T1574.010
: Services File Permissions Weakness
-
CAPEC-60: Reusing Session IDs (aka Session Replay)
Mapped TTPs:
-
CAPEC-647: Collect Data from Registries
Mapped TTPs:
-
CAPEC-668: Key Negotiation of Bluetooth Attack (KNOB)
Mapped TTPs:
Mapped ATT&CK TTPs
-
T1574.010
: Services File Permissions Weakness
Kill Chain: persistence
-
T1083
: File and Directory Discovery
Kill Chain: discovery
-
T1562.003
: Impair Command History Logging
Kill Chain: defense-evasion
-
T1574.006
: Dynamic Linker Hijacking
Kill Chain: persistence
-
T1574.007
: Path Interception by PATH Environment Variable
Kill Chain: persistence
-
T1574.005
: Executable Installer File Permissions Weakness
Kill Chain: persistence
-
T1574.010
: Services File Permissions Weakness
Kill Chain: persistence
-
T1134.001
: Token Impersonation/Theft
Kill Chain: defense-evasion
-
T1550.004
: Web Session Cookie
Kill Chain: defense-evasion
-
T1005
: Data from Local System
Kill Chain: collection
-
T1012
: Query Registry
Kill Chain: discovery
-
T1552.002
: Credentials in Registry
Kill Chain: credential-access
-
T1565.002
: Transmitted Data Manipulation
Kill Chain: impact
Malware
APTs Threat Group Associations
Campaigns
- Operation Wocao
- ArcaneDoor
- SolarWinds Compromise
- Operation CuckooBees
- CostaRicto
- Operation Honeybee
- Operation Dream Job
- C0015
- Frankenstein
- Night Dragon
- Operation MidnightEclipse
- HomeLand Justice
- C0017
- Cutting Edge
- KV Botnet Activity
- C0026
Affected Products
- cpe:2.3:o:qualcomm:ipq4019_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:ipq8074_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:mdm9150_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:mdm9615_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:mdm9635m_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:mdm9640_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:mdm9655_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:msm8996au_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:qca8081_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:qcs605_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:qc_215_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:sd_410_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:sd_412_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:sd_427_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:sd_435_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:sd_439_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:sd_429_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:sd_615_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:sd_616_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:sd_415_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:sd_632_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:sd_636_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:sd_650_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:sd_652_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:sd_675_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:sd_712_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:sd_710_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:sd_670_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:sd_820_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:sd_820a_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:sd_835_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:sd_845_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:sd_850_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:sd_855_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:sd_8cx_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:sda660_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:sdm439_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:sdm630_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:sdm660_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:sdx20_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:sdx24_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:sm7150_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:snapdragon_high_med_2016_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:sxr1130_firmware:-:*:*:*:*:*:*:*
← Back to Home