Insufficient Verification of Data Authenticity

CVE-2019-10492

High

7.8/10

Summary

Boot image not getting verified by AVB in Snapdragon Auto, Snapdragon Mobile, Snapdragon Wearables in MDM9607, MSM8909W, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 820, SD 820A, SDM439

Attack Complexity: LOW
Attack Vector: LOCAL
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-345 - Insufficient Verification of Data Authenticity

The software does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.

References

Advisory Timeline

Published Sep 30, 2019

Insufficient Verification of Data Authenticity

CVE-2019-10492

Summary

CWE-345 - Insufficient Verification of Data Authenticity

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS