Vulnerability Details CVE-2019-2278
User keystore signature is ignored in boot and can lead to bypass boot image signature verification in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Mobile in MDM9607, MDM9640, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 712 / SD 710 / SD 670, SD 845 / SD 850, SDM660
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 2.5%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 7.2
References
Products affected by CVE-2019-2278
-
cpe:2.3:h:qualcomm:mdm9607:-
-
cpe:2.3:h:qualcomm:mdm9640:-
-
cpe:2.3:h:qualcomm:sd_425:-
-
cpe:2.3:h:qualcomm:sd_427:-
-
cpe:2.3:h:qualcomm:sd_430:-
-
cpe:2.3:h:qualcomm:sd_435:-
-
cpe:2.3:h:qualcomm:sd_450:-
-
cpe:2.3:h:qualcomm:sd_625:-
-
cpe:2.3:h:qualcomm:sd_636:-
-
cpe:2.3:h:qualcomm:sd_670:-
-
cpe:2.3:h:qualcomm:sd_710:-
-
cpe:2.3:h:qualcomm:sd_712:-
-
cpe:2.3:h:qualcomm:sd_845:-
-
cpe:2.3:h:qualcomm:sd_850:-
-
cpe:2.3:h:qualcomm:sdm660:-
-
cpe:2.3:o:qualcomm:mdm9607_firmware:-
-
cpe:2.3:o:qualcomm:mdm9640_firmware:-
-
cpe:2.3:o:qualcomm:sd_425_firmware:-
-
cpe:2.3:o:qualcomm:sd_427_firmware:-
-
cpe:2.3:o:qualcomm:sd_430_firmware:-
-
cpe:2.3:o:qualcomm:sd_435_firmware:-
-
cpe:2.3:o:qualcomm:sd_450_firmware:-
-
cpe:2.3:o:qualcomm:sd_625_firmware:-
-
cpe:2.3:o:qualcomm:sd_636_firmware:-
-
cpe:2.3:o:qualcomm:sd_670_firmware:-
-
cpe:2.3:o:qualcomm:sd_710_firmware:-
-
cpe:2.3:o:qualcomm:sd_712_firmware:-
-
cpe:2.3:o:qualcomm:sd_845_firmware:-
-
cpe:2.3:o:qualcomm:sd_850_firmware:-
-
cpe:2.3:o:qualcomm:sdm660_firmware:-