LiveActive security incident?Get immediate response
CVE Record

CVE-2013-3051: The TrustZone kernel, when used in conjunction with a certain Motorola build of Android 4.1.2, on Motorola...

The TrustZone kernel, when used in conjunction with a certain Motorola build of Android 4.1.2, on Motorola Razr HD, Razr M, and Atrix HD devices with the Qualcomm MSM8960 chipset does not verify the association between a certain physical-address argument and a memory region, which allows local users to unlock the bootloader by using kernel mode to perform crafted 0x9 and 0x2 SMC operations, a different vulnerability than CVE-2013-2596.

UnknownCVSS not scoredNot KEV-listedUpdated
Glexia's TakeAutomated analysis

Security readout for executives and security teams

This issue affects specific old Motorola Android 4.1.2 devices and could let a local user bypass the locked bootloader boundary. For a business, the concern is device trust: an unlocked bootloader can undermine assumptions about system integrity, especially for managed or sensitive mobile use. Exposure appears limited to legacy Motorola Razr HD, Razr M, and Atrix HD devices running the specified Motorola Android 4.1.2 build with Qualcomm MSM8960. The bundle does not identify broader affected products or CPEs. Treat this as a legacy mobile-device integrity risk, not a broad infrastructure emergency. Priority is highest where these devices still access corporate mail, identity apps, regulated data, or privileged operational systems. Mitigation focus: Inventory managed mobile fleets for the listed Motorola models and Android 4.1.2 builds.; Check Motorola or carrier guidance for firmware updates or official remediation.; Retire affected legacy devices from sensitive or managed corporate use if updates are unavailable..

Prepared

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cve · low confidence lookup

CVE-2013-3051 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
Unknown
CVSS
Not scored
Known Exploited
No
Published
Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

0CVSS vectors
0Timeline events
0ADP providers
1Source links

CVSS and timeline data

No CVSS vectors or timeline events were available in the normalized CVE source material.

Source materials

Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
n/an/an/aListed
Weakness

CWE details

No CWE listed

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.