Vulnerability CVE-2013-3051


Published: 2013-04-13

Description:
The TrustZone kernel, when used in conjunction with a certain Motorola build of Android 4.1.2, on Motorola Razr HD, Razr M, and Atrix HD devices with the Qualcomm MSM8960 chipset does not verify the association between a certain physical-address argument and a memory region, which allows local users to unlock the bootloader by using kernel mode to perform crafted 0x9 and 0x2 SMC operations, a different vulnerability than CVE-2013-2596.

See advisories in our WLB2 database:
Topic
Author
Date
High
Motorola Bootloader Unlocking
Dan Rosenberg
16.04.2013

Type:

CWE-16

(Configuration)

Vendor: Motorola
Product: Android 
Version: 4.1.2;
Product: Atrix hd 
Product: Razr m 
Product: Razr hd 
Vendor: Qualcomm
Product: Msm8960 

CVSS2 => (AV:L/AC:H/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.2/10
10/10
1.9/10
Exploit range
Attack complexity
Authentication
Local
High
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete

 References:
http://www.droid-life.com/2013/04/08/motorola-razr-hd-razr-m-and-atrix-hd-bootloader-unlock-released/
http://blog.azimuthsecurity.com/2013/04/unlocking-motorola-bootloader.html

Related CVE
CVE-2017-18155
While playing HEVC content using HD DMB in Snapdragon Automobile and Snapdragon Mobile in version MSM8996AU, SD 450, SD 625, SD 820, SD 820A, SD 835, an uninitialized variable can be used leading to a kernel fault.
CVE-2018-5894
Improper Validation of Array Index in Multimedia While parsing an mp4 file in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear, an out-of-bounds access can occur.
CVE-2018-5892
The Touch Pal application can collect user behavior data without awareness by the user in Snapdragon Mobile and Snapdragon Wear.
CVE-2018-5891
While processing modem SSR after IMS is registered, the IMS data daemon is restarted but the ipc_dataHandle is no longer available. Consequently, the DPL thread frees the internal memory for dataDHandle but the local variable pointer is not updated w...
CVE-2018-5885
While loading dynamic fonts, a buffer overflow may occur if the number of segments in the font file is out of range in Snapdragon Mobile and Snapdragon Wear.
CVE-2018-5884
Improper Access Control in Multimedia in Snapdragon Mobile and Snapdragon Wear, Non-standard applications without permission may acquire permission of Qualcomm-specific proprietary intents.
CVE-2018-5882
While parsing a Flac file with a corrupted comment block, a buffer over-read can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear.
CVE-2018-5878
While sending the response to a RIL_REQUEST_GET_SMSC_ADDRESS message, a buffer overflow can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear.

Copyright 2018, cxsecurity.com

 

Back to Top