Vulnerabilities > CVE-2013-3051 - Configuration vulnerability in multiple products

CVSS 6.2 - MEDIUM

Attack vector

LOCAL

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

local

high complexity

qualcomm

motorola

CWE-16

NVD

Published: 2013-04-13

Updated: 2013-04-15

Summary

The TrustZone kernel, when used in conjunction with a certain Motorola build of Android 4.1.2, on Motorola Razr HD, Razr M, and Atrix HD devices with the Qualcomm MSM8960 chipset does not verify the association between a certain physical-address argument and a memory region, which allows local users to unlock the bootloader by using kernel mode to perform crafted 0x9 and 0x2 SMC operations, a different vulnerability than CVE-2013-2596.

Vulnerable Configurations

Part	Description	Count
Hardware	Qualcomm Qualcomm Msm8960 -	1
Hardware	Motorola Motorola Atrix HD - Motorola Razr HD - Motorola Razr M -	3
OS	Motorola Motorola Android 4.1.2	1

Common Weakness Enumeration (CWE)

CWE-16 - Configuration

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References