Is the FP2 affected by the QualPwn Vulnerabilities?

wjg57 · August 6, 2019, 11:20am

Just stumbled upon this article:
New Flaws in Qualcomm Chips Expose Millions of Android Devices to Hacking
that reports on a vulnerability of Qualcomm Chipsets that is exploitable via WLAN.

I had a look at the list of SOCs with these issues and the FP2 SOC (MSM8974AB-AB) is not in there, so probably it’s not affected, but: The SOC used in the FP2 is fairly old and it could just be, that because of the age, it is no longer in the “list of supported SOCs” and therefore would be ommitted from the list of vulnerable SOCs.

Can somebody in this forum provide some insight? Would no-longer-supported SOCs still be listed in a security bulletin? Does somebody here have definitive information on whether the FP2 chipset could possibly be affected?

Or are we just lucky this time, because having old hardware sometimes has the advantage of not having new bugs?

JeroenH · August 6, 2019, 12:52pm

Likely.

Thus far I only read this second hand source on it

https://tweakers.net/nieuws/155802/qualcomm-snapdragon-socs-zijn-kwetsbaar-voor-wifi-aanval.html

At least the Snapdragon 835 and 845 are vulnerable.

The relevant CVEs are CVE-2019-10538, CVE-2019-10539, CVE-2019-10540. Quote from https://blade.tencent.com/en/advisories/qualpwn/

The first issue (Compromise WLAN Issue) - CVE-2019-10539

The second issue (WLAN into Modem issue) - CVE-2019-10540

The third issue (Modem into Linux Kernel issue) - CVE-2019-10538

Its being published on Blackhat very soon, so this is in the wild.

I’ve disabled WLAN for now.

However there are likely miiiillions of vulnerable devices out there.

AnotherElk · August 6, 2019, 4:32pm

Google fixes Android with patch level 2019-08-05 regarding QualPwn. (German source)

So, hopefully LineageOS will have the fixes in the next few days, and Fairphone’s OSes somewhen in the next update.

StephanK · August 6, 2019, 7:24pm

I guess the meaningful patches reside in the SoC vendor update - which won’t be updated anymore in case of the Snapdragon 801.

Singulus · August 7, 2019, 7:03am

Which means any FP3 should ensure, they aquire and open ALL the code…

StephanK · August 7, 2019, 9:31am

Okay, here’s Qualcomm’s security bulletin. Relevant CVEs are 2019_10539 and 2019_10540. It seems that SD801 is not affected but maybe they just didn’t test it because of its age.

CVE 2019_10538 has been fixed in the Android kernel.

JeroenH · August 7, 2019, 11:47am

A shitload of other devices including SD208, SD210, and SD212 do contain these vulnerabilities. These are from 2014 and 2015. Are these still officially supported? The SD415 from Feb 2015 is also mentioned. The SD615 and SD616 are mentioned (from 2014/2015) but not the 610

Does the SD801 contain some kind of obscure WLAN chipset, not used in these other SD SoCs? It doesn’t say exactly which chipset here on the official website [1]

[1] https://www.qualcomm.com/products/snapdragon-processors-801

system · February 5, 2020, 11:58pm

This topic was automatically closed 182 days after the last reply. New replies are no longer allowed.