Vulnerability Description
User keystore signature is ignored in boot and can lead to bypass boot image signature verification in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Mobile in MDM9607, MDM9640, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 712 / SD 710 / SD 670, SD 845 / SD 850, SDM660
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Qualcomm | Mdm9607 Firmware | - |
| Qualcomm | Mdm9607 | - |
| Qualcomm | Mdm9640 Firmware | - |
| Qualcomm | Mdm9640 | - |
| Qualcomm | Sd 425 Firmware | - |
| Qualcomm | Sd 425 | - |
| Qualcomm | Sd 427 Firmware | - |
| Qualcomm | Sd 427 | - |
| Qualcomm | Sd 430 Firmware | - |
| Qualcomm | Sd 430 | - |
| Qualcomm | Sd 435 Firmware | - |
| Qualcomm | Sd 435 | - |
| Qualcomm | Sd 450 Firmware | - |
| Qualcomm | Sd 450 | - |
| Qualcomm | Sd 625 Firmware | - |
| Qualcomm | Sd 625 | - |
| Qualcomm | Sd 636 Firmware | - |
| Qualcomm | Sd 636 | - |
| Qualcomm | Sd 712 Firmware | - |
| Qualcomm | Sd 712 | - |
Related Weaknesses (CWE)
References
- https://www.codeaurora.org/security-bulletin/2019/07/01/july-2019-code-aurora-sePatchThird Party Advisory
- https://www.codeaurora.org/security-bulletin/2019/07/01/july-2019-code-aurora-sePatchThird Party Advisory
FAQ
What is CVE-2019-2278?
CVE-2019-2278 is a vulnerability with a CVSS score of 7.8 (HIGH). User keystore signature is ignored in boot and can lead to bypass boot image signature verification in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Mobile in MDM9607, MDM9640, SD 425, SD 427, ...
How severe is CVE-2019-2278?
CVE-2019-2278 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-2278?
Check the references section above for vendor advisories and patch information. Affected products include: Qualcomm Mdm9607 Firmware, Qualcomm Mdm9607, Qualcomm Mdm9640 Firmware, Qualcomm Mdm9640, Qualcomm Sd 425 Firmware.