CVE-2019-2278
First published: Mon Jul 01 2019(Updated: )
User keystore signature is ignored in boot and can lead to bypass boot image signature verification in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Mobile in MDM9607, MDM9640, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 712 / SD 710 / SD 670, SD 845 / SD 850, SDM660
Credit: product-security@qualcomm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Google Android | ||
| Qualcomm Mdm9607 | ||
| Qualcomm Mdm9640 Firmware | ||
| Qualcomm Mdm9640 | ||
| Qualcomm Sd 425 Firmware | ||
| Qualcomm Sd 425 | ||
| Google Android | ||
| Google Android | ||
| Qualcomm Sd 430 Firmware | ||
| Google Android | ||
| Google Android | ||
| Qualcomm Sd 435 | ||
| Qualcomm Sd 450 Firmware | ||
| Qualcomm Sd 450 | ||
| Qualcomm Sd 625 Firmware | ||
| Qualcomm Sd 625 | ||
| Qualcomm Sd 636 Firmware | ||
| Qualcomm Sd 636 | ||
| Qualcomm Sd 712 Firmware | ||
| Qualcomm Sd 712 | ||
| Qualcomm Sd 710 Firmware | ||
| Qualcomm Sd 710 | ||
| Qualcomm Sd 670 Firmware | ||
| Qualcomm Sd 670 | ||
| Qualcomm Sd 845 Firmware | ||
| Qualcomm Sd 845 | ||
| Qualcomm Sd 850 Firmware | ||
| Qualcomm Sd 850 | ||
| Qualcomm Sdm660 Firmware | ||
| Qualcomm Sdm660 | ||
| Google Android |
Remedy
https://www.codeaurora.org/security-bulletin/2019/07/01/july-2019-code-aurora-security-bulletin
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2019-2278?
CVE-2019-2278 is a vulnerability that allows an attacker to bypass boot image signature verification in certain Snapdragon processors.
Which products and firmware versions are affected by CVE-2019-2278?
CVE-2019-2278 affects Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Mobile in MDM9607, MDM9640, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 712, SD 710, SD 670, SD 845, and SD 850 firmware versions.
What is the severity of CVE-2019-2278?
CVE-2019-2278 has a severity of 7.8, which is classified as high.
How can an attacker exploit CVE-2019-2278?
An attacker can exploit CVE-2019-2278 to bypass boot image signature verification, which may lead to unauthorized access or tampering of the device.
Where can I find more information about CVE-2019-2278?
You can find more information about CVE-2019-2278 in the references provided: [source.codeaurora.org](https://source.codeaurora.org/quic/le/kernel/lk/commit/?id=8ac15b064823c01aafc4264b9b4c7b0b16d057a6), [source.android.com](https://source.android.com/docs/security/bulletin/2019-07-01), [codeaurora.org](https://www.codeaurora.org/security-bulletin/2019/07/01/july-2019-code-aurora-security-bulletin).
- collector/nvd-index
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- collector/android-source
- source/Android
- agent/software-canonical-lookup
- agent/references
- agent/severity
- agent/remedy
- agent/weakness
- agent/author
- agent/last-modified-date
- agent/tags
- agent/description
- agent/event
- collector/mitre-cve
- source/MITRE
- vendor/qualcomm
- canonical/google android
- canonical/qualcomm mdm9607
- canonical/qualcomm mdm9640 firmware
- canonical/qualcomm mdm9640
- canonical/qualcomm sd 425 firmware
- canonical/qualcomm sd 425
- canonical/qualcomm sd 430 firmware
- canonical/qualcomm sd 435
- canonical/qualcomm sd 450 firmware
- canonical/qualcomm sd 450
- canonical/qualcomm sd 625 firmware
- canonical/qualcomm sd 625
- canonical/qualcomm sd 636 firmware
- canonical/qualcomm sd 636
- canonical/qualcomm sd 712 firmware
- canonical/qualcomm sd 712
- canonical/qualcomm sd 710 firmware
- canonical/qualcomm sd 710
- canonical/qualcomm sd 670 firmware
- canonical/qualcomm sd 670
- canonical/qualcomm sd 845 firmware
- canonical/qualcomm sd 845
- canonical/qualcomm sd 850 firmware
- canonical/qualcomm sd 850
- canonical/qualcomm sdm660 firmware
- canonical/qualcomm sdm660
- vendor/google