Published: 11/07/2016 Updated: 11/07/2016

CVSS v2 Base Score: 7.1 | Impact Score: 6.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8

VMScore: 632

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C

platform/msm_shared/dev_tree.c in the Qualcomm bootloader in Android prior to 2016-07-05 on Nexus 5 devices does not check the relationship between tags addresses and aboot addresses, which allows malicious users to cause a denial of service (OS outage) via a crafted application, aka Android internal bug 28821448 and Qualcomm internal bug CR681965.

Vulnerable Product	Search on Vulmon	Subscribe to Product
google android

Boffins hijack bootloaders for fun and games on Android

The Register • Richard Chirgwin • 06 Sep 2017

One of these days the 'BootStomp' attack is gonna walk all over your smartmobe

University of California Santa Barbara researchers have turned up bootloader vulnerabilities across a bunch of Android chipsets from six vendors. The team of nine researchers decided to look at a little-studied aspect Android architecture – the interaction between OS and chip at power-up. To get inside that operation, they built a tool dubbed “BootStomp” “designed to locate problematic areas where input from an attacker in control of the OS can compromise the bootloader’s execution, or...

CVE-2014-9798

Vulnerability Summary

Vulnerability Trend

Recent Articles

References

Vulmon Search

About

Products

Connect