[QPSIIR-80] Qualcomm TrustZone Integer Signedness bug
Posted on Thu 18 December 2014 in Advisory • Tagged with vulnerability, advisory, arm, security, qualcomm, android, trustzone
Summary
Qualcomm TrustZone is prone to an integer signedness bug that may allow writing NULL words to barely controllable locations in memory.
The vulnerability can be triggered from Non-Secure World through the TrustZone call "tzbsp_smmu_fault_regs_dump".
This issue has been discovered in Samsung Galaxy S5 firmware, but other devices can …