Security experts at Tencent Blade, the security elite
The over-the-air attack could be launched when the attacker and the target share the same WiFi network, this specific attack doesn’t require user interaction.
The QualPwn bugs affect Qualcomm’s Snapdragon 835 and the 845 WLAN component.
The first vulnerability, tracked as CVE-2019-10538 is a buffer overflow that impacts the Qualcomm WLAN component and the Android Kernel.
The flaw was rated as a high severity issue, it was addressed with a code fix in the Android operating system source code.
The second flaw, tracked as CVE-2019-10540, is a buffer overflow issue that affects the Qualcomm WLAN and modem firmware that ships with Qualcomm chips. According to the Qualcomm’s security advisory the CVE-2019-10540 flaw affects many
The vulnerability received a critical severity rating and was addressed with a code fix in Qualcomm’s closed-source firmware that ships on a limited set of devices.
Experts explained that they didn’t test all the Qualcomm chips, but only the Google Pixel2 and Pixel3 devices and verified that
Tencent Blade said they discovered the bugs on their own, and that they haven’t seen any public exploitation attempts, to their knowledge.
The good news is that the Android Security Bulletin for August 2019 addresses both QualPwn bugs.
Qualcomm has already issued fixes to OEMs, and is encouraging end-users to update their devices as patches become available from OEMs.
Unfortunately, a large number of devices will remain vulnerable for a long time because for different reasons that will not be eligible for updates from the vendor. Another aspect to consider is that not all vendors will push the Android update as soon as Google releases it.
(SecurityAffairs – QualPwn bugs, Android)