CVE-2018-19939
HIGH
7,5
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: none
Integrity: none
Availability: high
MEDIUM
5,0
Source: [email protected]
Access Vector: network
Access Complexity: low
Authentication: none
Confidentiality: none
Integrity: none
Availability: partial
Description
AI Translation Available
The Goodix GT9xx touchscreen driver for custom Linux kernels on Xiaomi daisy-o-oss and daisy-p-oss as used in Mi A2 Lite and RedMi6 pro devices through 2018-08-27 has a NULL pointer dereference in kfree after a kmalloc failure in gtp_read_Color in drivers/input/touchscreen/gt917d/gt9xx.c.
EPSS (Exploit Prediction Scoring System)
Trend Analysis
EPSS (Exploit Prediction Scoring System)
Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.
EPSS Score
0,0028
Percentile
0,5th
Updated
EPSS Score Trend (Last 90 Days)
476
NULL Pointer Dereference
StableCommon Consequences
Security Scopes Affected:
Availability
Integrity
Confidentiality
Potential Impacts:
Dos: Crash, Exit, Or Restart
Execute Unauthorized Code Or Commands
Read Memory
Modify Memory
Applicable Platforms
Languages:
C, C#, C++, Go, Java
Operating System
Redmi 6 Firmware by Mi
Version Range Affected
To
2018-08-27
(inclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:mi:redmi_6_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Mi A2 Lite Firmware by Mi
Version Range Affected
To
2018-08-27
(inclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:mi:mi_a2_lite_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://github.com/MiCode/Xiaomi_Kernel_OpenSource/issues/972
https://github.com/MiCode/Xiaomi_Kernel_OpenSource/issues/972