CVE-2018-20823 Information

Description

The gyroscope on Xiaomi Mi 5s devices allows attackers to cause a denial of service (resonance and false data) via a 20.4 kHz audio signal aka a MEMS ultrasound attack.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Reference

https://hackaday.com/2018/07/17/freak-out-your-smartphone-with-ultrasound/ https://medium.com/@juliodellaflora/ultrassom-pode-causar-anomalias-no-giroscC3B3pio-do-xiaomi-mi5s-plus-4050d718bc7f

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

NONE

Base Score

HIGH

Base Severity

7.5