NotCVE-2023-0001 - Secure Boot Bypass in MSM8916/APQ8016 Mobile SoC
| Date | CWE | Attack Type | Impact | CVSS |
|---|---|---|---|---|
| 2023-11-16 |
Physical
|
Confidentiality
|
| Description | |||
|---|---|---|---|
|
A physical attacker may leverage improper protection against voltage glitching in Qualcomm’s Secure Boot implementation in chipsets MSM8916 and APQ8016 to execute arbitrary code in the device due to a badly secured hash value check.
|
| Vendor | Product | Version | Package Name |
|---|---|---|---|
| Qualcomm | MSM8916 | 1.0 | - |
| N/A | APQ8016 | Rev. D | - |
| N/A | APQ8016E | Rev. D | - |
| Discoverer(s)/Credits |
|---|
|
Cyber Intelligence S.L.
|
| Common Attack Pattern Enumeration and Classification (CAPEC) |
|---|
|
CAPEC-624: Hardware Fault Injection
|
| References |
|---|
Exploitability Metrics
| Attack Vector | Attack Complexity | Privileges Required | User Interaction | Scope |
|---|---|---|---|---|
|
Physical
|
Low
|
None
|
None | Changed |
Impact Metrics
| Confidentiality Impact | Integrity Impact | Availability Impact |
|---|---|---|
|
High
|
High
|
High
|