Tencent Blade Team that is founded by Tencent Security Platform has discovered vulnerabilities in Qualcomm Snapdragon 835 and 845 chips. Coined as QualPwn, the vulnerabilities allow attackers to compromise the WLAN and Modem over-the-air and the Android Kernel from the WLAN chip.
The team did not test all the phones running on Snapdragon 835 and 845, they only tested Google Pixel 2 and Pixel 3 phones. The test results indicate that unpatched phones running on these chipsets may be vulnerable. The team has reported all the details to Google and Qualcomm who have issued fixes. Qualcomm released a security bulletin to OEMs in June and asked them to download and incorporate appropriate patches.
Tencent Blade Team will share details of QualPwn at BlackHat USA 2019 and DEFCON 27.