The HMAC authenticating the message from QSEE is vulnerable to timing side channel analysis leading to potentially forged application message in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ8074, MDM9150, MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, QCA8081, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, SDX20, Snapdragon_High_Med_2016, SXR1130
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: qualcomm

Published: 2019-06-14T17:02:09

Updated: 2024-08-05T09:14:47.386Z

Reserved: 2018-07-11T00:00:00

Link: CVE-2018-13906

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2019-06-14T17:29:00.767

Modified: 2019-06-18T15:55:49.107

Link: CVE-2018-13906

cve-icon Redhat

No data.