Description
In preloader, there is a possible read of device unique identifiers due to a logic error. This could lead to local information disclosure, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS10607099; Issue ID: MSV-6118.
CVSS Metrics
- Vector
- CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- Attack Vector
- physical
- Complexity
- low
- Privileges
- none
- User Action
- none
- Scope
- unchanged
- Confidentiality
- high
- Integrity
- none
- Availability
- none
- Weaknesses
- CWE-522
Metadata
- Primary Vendor
- LINUXFOUNDATION
- Published
- 3/2/2026
- Last Modified
- 3/3/2026
- Source
- NIST NVD
- Note: Verify all details with official vendor sources before applying patches.
Affected Products
linuxfoundation : yoctordkcentral : rdk-brdkcentral : rdk-bgoogle : androidgoogle : androidgoogle : androidopenwrt : openwrtopenwrt : openwrtzephyrproject : zephyr
AI-Powered Remediation
Generate remediation guidance or a C-suite brief for this vulnerability.