CVE-2019-2278

Published Jul 25, 2019
Last updated 4 years ago
CVSS high 7.8
Overview

Description: User keystore signature is ignored in boot and can lead to bypass boot image signature verification in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Mobile in MDM9607, MDM9640, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 712 / SD 710 / SD 670, SD 845 / SD 850, SDM660
Source: product-security@qualcomm.com
NVD status: Analyzed
Risk scores

CVSS 3.0

Type: Primary
Base score: 7.8
Impact score: 5.9
Exploitability score: 1.8
Vector string: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH
CVSS 2.0

Type: Primary
Base score: 7.2
Impact score: 10
Exploitability score: 3.9
Vector string: AV:L/AC:L/Au:N/C:C/I:C/A:C
Weaknesses

nvd@nist.gov: CWE-347
Hype score: Not currently trending
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A35FECFB-60AE-42A8-BCBB-FEA7D5826D49"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:qualcomm:mdm9607:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "E9765187-8653-4D66-B230-B2CE862AC5C0"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:qualcomm:mdm9640_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7FD1C359-C79B-4CE8-A192-5AA34D0BF05B"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:qualcomm:mdm9640:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "716B747E-672C-4B95-9D8E-1262338E67EA"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C56BC939-2FE8-4AB4-B638-35C83B224005"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:qualcomm:sd_425:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "E36C12E2-7064-41E6-B357-3F0E6E6D0A0F"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:qualcomm:sd_427_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8175FC2D-8B9C-4461-BEAE-E9C688E8A63B"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:qualcomm:sd_427:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "92CD09CE-75CC-418F-AB16-4685141BDE36"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BE5C66CC-B00C-4581-B8FB-0632232E480D"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:qualcomm:sd_430:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "87F57247-08CD-473E-A517-F9E85BFC7BEA"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:qualcomm:sd_435_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "55604764-FC96-451C-BB9B-9AD72EF5D245"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:qualcomm:sd_435:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "71CEDACD-D22B-4CCD-93DA-B79CB74BDA22"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E07C621F-0BC0-40C1-9678-1AF6498AC487"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:qualcomm:sd_450:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "9C621A62-E346-406B-9D20-8FF6C2B0851F"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "06E0CC35-AC20-42D7-8FEA-CA4685E33E72"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:qualcomm:sd_625:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "4A2C4DED-2367-4736-A0AF-C8356F1271AD"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:qualcomm:sd_636_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CE94E380-CB75-462E-B411-BF38F17D53B2"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:qualcomm:sd_636:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "0947F38F-3DC2-45F1-B3B3-963922F32054"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:qualcomm:sd_712_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6BFF8872-645F-4A05-BAF9-7797CFBE37C6"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:qualcomm:sd_712:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "9CB91AFF-C149-4F5C-92EC-E78E66935528"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:qualcomm:sd_710_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2B529780-DB0A-4F9C-AE63-6DEC593B86E5"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:qualcomm:sd_710:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "669E7360-E8C3-4BB8-A3B6-61BD58AFAF62"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:qualcomm:sd_670_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D49606C5-7306-4F33-864C-C1905594F09C"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:qualcomm:sd_670:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "B43964AF-7CEC-420A-935B-D3895B2BAC70"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:qualcomm:sd_845_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0A2D2B3B-CB28-46AA-9117-A7FA371FDE80"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:qualcomm:sd_845:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "DE18BF66-B0DB-48BB-B43A-56F01821F5A3"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:qualcomm:sd_850_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0C10C7CB-3B66-4F17-8146-6A85611E2BA9"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:qualcomm:sd_850:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "B9DA765F-53DE-4FB0-B825-6C11B3177641"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:qualcomm:sdm660_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "24D7B67C-6FEC-48F8-9D46-778E4528BC20"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:qualcomm:sdm660:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "05006807-D961-446C-B8DC-C87507F1316E"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]
Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References
