Information

Lack of boundary checks for data offsets received from HLOS can lead to out-of-bound read in Discretix Digital Content Protection (dxhdcp2) trustlet allowing a potential data leak.

LG Vulnerability ID: LVE-SMP-190005.



References:
https://research.checkpoint.com/the-road-to-qualcomm-trustzone-apps-fuzzing/
https://lgsecurity.lge.com/security_updates.html (SMR-JUL-2019)