漏洞标题
N/A
漏洞描述信息
高级操作系统(HLOS)没有足够的内存地址信息,以确保Qualcomm Secure Execution Environment (QSEE)中的安全应用程序只写入与QSEE安全应用程序的HLOS客户端相关的合法内存范围。当Qualcomm Secure Execution Environment (QSEE)中的安全应用程序从高级操作系统(HLOS)如Linux Android接收内存地址时,这些地址先前已被验证为属于HLOS内存空间而不是QSEE内存空间,但它们没有被验证来自HLOS用户空间而不是内核空间。这种验证的缺失可能导致HLOS中的权限升级。
CVSS信息
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N
漏洞类别
N/A
漏洞标题
N/A
漏洞描述信息
The high level operating systems (HLOS) was not providing sufficient memory address information to ensure that secure applications inside Qualcomm Secure Execution Environment (QSEE) only write to legitimate memory ranges related to the QSEE secure application's HLOS client. When secure applications inside Qualcomm Secure Execution Environment (QSEE) receive memory addresses from a high level operating system (HLOS) such as Linux Android, those address have previously been verified as belonging to HLOS memory space rather than QSEE memory space, but they were not verified to be from HLOS user space rather than kernel space. This lack of verification could lead to privilege escalation within the HLOS.
CVSS信息
N/A
漏洞类别
N/A
漏洞标题
Android Qualcomm TrustZone 信息泄露漏洞
漏洞描述信息
Android是美国谷歌(Google)公司和开放手持设备联盟(简称OHA)共同开发的一套以Linux为基础的开源操作系统。Qualcomm TrustZone是其中的一个系统范围的安全技术。 多款Google产品上的Android中的Qualcomm TrustZone存在信息泄露漏洞。攻击者可借助本地恶意的应用程序利用该漏洞未授权读取数据。以下产品受到影响:Nexus 5X;Nexus 6;Nexus 6P;Pixel;Pixel XL;Android One。
CVSS信息
N/A
漏洞类别
信息泄露