Private Key Extraction from Qualcomm Hardware-backed Keystores (CVE-2018-11976)

Today I became aware of Technical Advisory: Private Key Extraction from Qualcomm Hardware-backed Keystores. Surprisingly, the SD800/SD801/MSM8974AA/MSM8974AB-AB does not appear to be vulnerable. I guess because it does not have an ARM TrustZone?

I then skimmed through the list of Qualcomm security bulletins and wondered if all of these are fixed in the current FP2/Qcom firmware binary blob. Does anyone know?

Well, as vendor security patches are dated April 2018, I guess we have our share of vulnerabilities. Maybe I’m mistaken…
(Also, I think the chipset is abandoned by qcom)


On my FP2 running the latest Fairphone OS 19.02.1, the patchlevel is “1 december 2018”. This might of course be different for other OSes and older versions.

This is quite awesome! scnr


LineageOS gives two patch levels separately …

The “Android security patch level” concerning the OS is recent and kept up to date by the LineageOS community.
Fairphone, respectively, would keep that as up to date as they can for their OSes.

The “Vendor security patch level” @lklaus mentioned stays at 1 April 2018 currently, as long as nobody patches Qualcomm's last #modemfiles.

I think this topic is about the Qualcomm stuff.

