In Android prior to 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear IPQ4019, MDM9206, MDM9607, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, DRM provisioning mechanisms used in QSEE applications have a feature to prevent further provisioning. This is done by creating an SFS file called 'finalize_prov_flag.data' at the end of provisioning. When this feature is enabled, provisioning calls check for the existence of the file in order to decide whether to do provisioning or not. Current implementation allows provisioning without sufficient checks.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
qualcomm mdm9206_firmware - |
||
qualcomm mdm9607_firmware - |
||
qualcomm ipq4019_firmware - |
||
qualcomm sd_820a_firmware - |
||
qualcomm mdm9650_firmware - |
||
qualcomm msm8909w_firmware - |
||
qualcomm sd_210_firmware - |
||
qualcomm sd_212_firmware - |
||
qualcomm sd_205_firmware - |
||
qualcomm sd_400_firmware - |
||
qualcomm sd_410_firmware - |
||
qualcomm sd_412_firmware - |
||
qualcomm sd_425_firmware - |
||
qualcomm sd_430_firmware - |
||
qualcomm sd_450_firmware - |
||
qualcomm sd_615_firmware - |
||
qualcomm sd_616_firmware - |
||
qualcomm sd_415_firmware - |
||
qualcomm sd_617_firmware - |
||
qualcomm sd_625_firmware - |
||
qualcomm sd_650_firmware - |
||
qualcomm sd_652_firmware - |
||
qualcomm sd_800_firmware - |
||
qualcomm sd_808_firmware - |
||
qualcomm sd_810_firmware - |
||
qualcomm sd_820_firmware - |
||
qualcomm sd_835_firmware - |
||
qualcomm sd_845_firmware - |
||
qualcomm sd_850_firmware - |
Vulmon