NotCVE-2023-0001 - Secure Boot Bypass in MSM8916/APQ8016 Mobile SoC
Date | Vendor | Attack Vector | Impact |
---|---|---|---|
2023-11-16 |
Qualcomm
|
Physical
|
Confidentiality, Integrity, Availability
|
CWE | CVSS 3.1 | EPSS (30-day Exploit Prob.) |
---|---|---|
0.15 %
|
Description | |||
---|---|---|---|
A physical attacker may leverage improper protection against voltage glitching in Qualcomm’s Secure Boot implementation in chipsets MSM8916 and APQ8016 to execute arbitrary code in the device due to a badly secured hash value check.
|
Vendor | Product | Version | Package Name |
---|---|---|---|
Qualcomm | MSM8916 | 1.0 | - |
N/A | APQ8016 | Rev. D | - |
N/A | APQ8016E | Rev. D | - |
Discoverer(s)/Credits |
---|
Cyber Intelligence S.L.
|
Common Attack Pattern Enumeration and Classification (CAPEC) |
---|
CAPEC-624: Hardware Fault Injection
|
References |
---|
Exploitability Metrics
Attack Vector | Attack Complexity | Privileges Required | User Interaction | Scope |
---|---|---|---|---|
Physical | Low | None | None | Changed |
Impact Metrics
Confidentiality Impact | Integrity Impact | Availability Impact |
---|---|---|
High | High | High |