Date	Vendor	Attack Vector	Impact
2023-11-16	Qualcomm	Physical	Confidentiality, Integrity, Availability

CWE	CVSS 3.1	EPSS (30-day Exploit Prob.)
CWE-1247: Improper Protection Against Voltage and Clock Glitches	7.6	0.15 %

Description
A physical attacker may leverage improper protection against voltage glitching in Qualcomm’s Secure Boot implementation in chipsets MSM8916 and APQ8016 to execute arbitrary code in the device due to a badly secured hash value check.

Vendor	Product	Version	Package Name
Qualcomm	MSM8916	1.0	-
N/A	APQ8016	Rev. D	-
N/A	APQ8016E	Rev. D	-

Discoverer(s)/Credits
Cyber Intelligence S.L.

Common Attack Pattern Enumeration and Classification (CAPEC)
CAPEC-624: Hardware Fault Injection

References
https://cyberintel.es/cve/notCVE-2023-0001/

Exploitability Metrics

Attack Vector	Attack Complexity	Privileges Required	User Interaction	Scope
Physical	Low	None	None	Changed

Impact Metrics

Confidentiality Impact	Integrity Impact	Availability Impact
High	High	High