CVE-2013-3051

2013-04-1310:56:19

CWE-16

mitre

web.nvd.nist.gov

In Wild

trustzone

kernel

motorola

android

bootloader

qualcomm

cve-2013-3051

vulnerability

CVSS2

6.2

Attack Vector

LOCAL

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:H/Au:N/C:C/I:C/A:C

AI Score

5.4

Confidence

High

EPSS

0.001

Percentile

40.5%

JSON

The TrustZone kernel, when used in conjunction with a certain Motorola build of Android 4.1.2, on Motorola Razr HD, Razr M, and Atrix HD devices with the Qualcomm MSM8960 chipset does not verify the association between a certain physical-address argument and a memory region, which allows local users to unlock the bootloader by using kernel mode to perform crafted 0x9 and 0x2 SMC operations, a different vulnerability than CVE-2013-2596.

Affected configurations

Nvd

Node

qualcommmsm8960Match-

motorolaandroidMatch4.1.2

AND

motorolaatrix_hdMatch-

motorolarazr_hdMatch-

motorolarazr_mMatch-

VendorProductVersionCPE
qualcommmsm8960-cpe:2.3:h:qualcomm:msm8960:-:*:*:*:*:*:*:*
motorolaandroid4.1.2cpe:2.3:o:motorola:android:4.1.2:*:*:*:*:*:*:*
motorolaatrix_hd-cpe:2.3:h:motorola:atrix_hd:-:*:*:*:*:*:*:*
motorolarazr_hd-cpe:2.3:h:motorola:razr_hd:-:*:*:*:*:*:*:*
motorolarazr_m-cpe:2.3:h:motorola:razr_m:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
qualcomm	msm8960	-	cpe:2.3:h:qualcomm:msm8960:-:::::::*
motorola	android	4.1.2	cpe:2.3:o:motorola:android:4.1.2:::::::*
motorola	atrix_hd	-	cpe:2.3:h:motorola:atrix_hd:-:::::::*
motorola	razr_hd	-	cpe:2.3:h:motorola:razr_hd:-:::::::*
motorola	razr_m	-	cpe:2.3:h:motorola:razr_m:-:::::::*