Three vulnerabilities, codenamed "QualPwn", have been identified in Qualcomm's wireless chip stack. The first issue (CVE-2019-10539) allows remote attacks over Wi-Fi on devices based on the Android platform. The second issue (CVE-2019-10540) is present in the proprietary firmware of the Qualcomm wireless stack and allows access to the baseband modem. The third issue (CVE-2019-10538), in the icnss driver, makes it possible to execute arbitrary code at the Android kernel level. If the combination of these vulnerabilities is successfully exploited, an attacker can remotely gain control of a user's device that has Wi-Fi enabled (the attack requires that the victim and the attacker be connected to the same wireless network).
The attack was demonstrated on Google Pixel 2 and Pixel 3 smartphones. Researchers estimate that the problem potentially affects more than 835 thousand devices based on the Qualcomm Snapdragon 835 SoC and newer chips (starting with the Snapdragon 835, the WLAN firmware was integrated with the modem subsystem and runs as an isolated application in user space). According to Qualcomm, the problem affects several dozen different chips.
Currently only general information about the vulnerabilities is available; details will be revealed on August 8 at the Black Hat conference. Qualcomm and Google were notified of the problems in March and have already released fixes (Qualcomm reported the problems in , and Google fixed the vulnerabilities in an Android platform update). All users of devices with Qualcomm chips are advised to install the available updates.
In addition to the issues related to Qualcomm chips, the August Android platform update also fixes a critical vulnerability (CVE-2019-11516) in the Broadcom Bluetooth stack. It allows an attacker to execute code in the context of a privileged process by sending a specially crafted data transfer request. A vulnerability (CVE-2019-2130) in Android system components that could allow code execution with elevated privileges when processing specially crafted PAC files has also been fixed.
Source: opennet.ru
