CVE-2018-5913 in Snapdragon Auto
Summary
by MITRE
A non-time constant function memcmp is used which creates a side channel that could leak information in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Analysis
by VulDB Data Team • 06/24/2020
The vulnerability described in CVE-2018-5913 represents a critical side-channel attack vector through the use of a non-time constant implementation of the memcmp function within Qualcomm's mobile and automotive silicon platforms. This flaw exists across a wide range of Snapdragon chipsets including MDM9150, MDM9206, and various SDM and QCS series processors, affecting automotive, consumer electronics, and IoT devices. The issue stems from the implementation of a timing-variant comparison function that does not execute in constant time regardless of input values, creating predictable timing variations that can be exploited by attackers to infer sensitive information through side-channel analysis.
The technical implementation of this vulnerability involves the use of a memcmp function that exhibits variable execution time based on the input data being compared. In cryptographic contexts, such as password verification or authentication checks, this timing variation can reveal information about the expected values through differential timing analysis. When an attacker can measure the time taken for a comparison operation, they can use statistical methods to determine the correct values of secrets, potentially leading to credential compromise or key extraction. This particular vulnerability aligns with CWE-203, which specifically addresses the exposure of sensitive information through side channels, and represents a classic example of timing attacks that have been documented in security literature for decades.
The operational impact of this vulnerability extends across multiple device categories including automotive systems, mobile devices, industrial IoT deployments, and consumer electronics. Given the widespread deployment of affected Snapdragon chipsets in smartphones, tablets, automotive infotainment systems, and various connected devices, the potential attack surface is extensive. The vulnerability affects not just consumer devices but also critical automotive systems that rely on Qualcomm's processors for connectivity, infotainment, and vehicle control functions. Attackers could potentially exploit this weakness to extract cryptographic keys, passwords, or other sensitive data from devices running vulnerable firmware versions.
Mitigation strategies for this vulnerability require careful attention to both software and hardware security measures. The most effective immediate solution involves updating firmware and software components to versions that implement time-constant comparison functions throughout the system. Security researchers and device manufacturers should implement proper constant-time algorithms for all cryptographic comparisons, ensuring that the execution time remains independent of input values. Organizations should also consider implementing additional security monitoring to detect potential timing-based attacks and ensure that all cryptographic operations use secure comparison functions that are resistant to side-channel analysis. This vulnerability demonstrates the critical importance of constant-time algorithm implementation in security-sensitive contexts and aligns with ATT&CK technique T1082, which covers system information discovery through timing variations that can reveal system characteristics. The widespread nature of affected devices necessitates coordinated remediation efforts across multiple vendors and security teams to ensure comprehensive protection against timing-based side-channel attacks that could compromise the security of critical systems.