Wrong configuration in Touch Pal application can collect user behavior data without awareness by the user.
Improper configuration of the Touch Pal application causes data regarding user behavior (e.g., keyboard interactions or other system events) to be collected implicitly. The user is not informed about this process nor does he consent to it. The vulnerability affects firmware of selected Qualcomm modem platforms.
An attacker or unauthorized third party can gain access to data about user behavior, which constitutes a serious breach of privacy and confidentiality. Depending on the scope of collected data, it is possible to disclose sensitive personal information.
Patches available from the manufacturer should be applied in accordance with references — Qualcomm security bulletin from May 2018 (https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2018-bulletin.html). It is recommended to update the firmware of devices based on vulnerable platforms.
Qualcomm MDM9206 Firmware, Qualcomm MDM9607 Firmware, Qualcomm MDM9640 Firmware and corresponding hardware platforms (MDM9206, MDM9607). Specific firmware versions indicated in manufacturer references.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HQualcomm 215
HWQualcommwszystkie wersjeQualcomm 215 Firmware
OSQualcommwszystkie wersjeQualcomm Mdm9206
HWQualcommwszystkie wersjeQualcomm Mdm9206 Firmware
OSQualcommwszystkie wersjeQualcomm Mdm9607
HWQualcommwszystkie wersjeQualcomm Mdm9607 Firmware
OSQualcommwszystkie wersjeQualcomm Mdm9640
HWQualcommwszystkie wersjeQualcomm Mdm9640 Firmware
OSQualcommwszystkie wersjeQualcomm Mdm9650
HWQualcommwszystkie wersjeQualcomm Mdm9650 Firmware
OSQualcommwszystkie wersjeQualcomm Sd 205
HWQualcommwszystkie wersjeQualcomm Sd 205 Firmware
OSQualcommwszystkie wersjeQualcomm Sd 210
HWQualcommwszystkie wersjeQualcomm Sd 210 Firmware
OSQualcommwszystkie wersjeQualcomm Sd 212
HWQualcommwszystkie wersjeQualcomm Sd 212 Firmware
OSQualcommwszystkie wersjeQualcomm Sd 425
HWQualcommwszystkie wersjeQualcomm Sd 425 Firmware
OSQualcommwszystkie wersjeQualcomm Sd 427
HWQualcommwszystkie wersjeQualcomm Sd 427 Firmware
OSQualcommwszystkie wersjeQualcomm Sd 429
HWQualcommwszystkie wersjeQualcomm Sd 429 Firmware
OSQualcommwszystkie wersjeQualcomm Sd 430
HWQualcommwszystkie wersjeQualcomm Sd 430 Firmware
OSQualcommwszystkie wersjeQualcomm Sd 435
HWQualcommwszystkie wersjeQualcomm Sd 435 Firmware
OSQualcommwszystkie wersjeQualcomm Sd 439
HWQualcommwszystkie wersjeQualcomm Sd 439 Firmware
OSQualcommwszystkie wersjeQualcomm Sd 450
HWQualcommwszystkie wersjeQualcomm Sd 450 Firmware
OSQualcommwszystkie wersje
Related vulnerabilities
Qualcomm: Nieprawidłowy dostęp do pamięci przy dekodowaniu VP9 (sprzętowe)
Qualcomm SD 450/625/820 — odczyt poza granicami bufora w obsłudze ramek 802.11
Pominięcie uwierzytelnienia w sieciach LTE w modemach Qualcomm
Memory corruption w HLOS podczas obsługi PlayReady w chipsetach Qualcomm
Memory Corruption in Multi-mode Call Processor while processing bit mask API.