CVE-2019-9445

MEDIUM4.4

In the Android kernel in F2FS driver there is a possible out of bounds read due to a missing bounds check

Published Sep 6, 2019

Modified 1 years ago

No fix available

Details

In the Android kernel in F2FS driver there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with system execution privileges needed. User interaction is not needed for exploitation.

References

WEBhttps://lists.debian.org/debian-lts-announce/2020/10/msg00032.html WEBhttps://lists.debian.org/debian-lts-announce/2020/10/msg00034.html WEBhttps://source.android.com/security/bulletin/pixel/2019-09-01 ADVISORYhttps://usn.ubuntu.com/4526-1/ADVISORYhttps://usn.ubuntu.com/4527-1/ADVISORYhttps://www.cve.org/CVERecord?id=CVE-2019-9445

CVSS Analysis

CVSS v3.1

4.4

Exploitability

Attack Vector

LocalAV:L

Attack Complexity

LowAC:L

Privileges Required

HighPR:H

User Interaction

NoneUI:N

Scope

UnchangedS:U

Impact

Confidentiality

HighC:H

Integrity

NoneI:N

Availability

NoneA:N

4.4/CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Ecosystems

Timeline

PublishedSep 6, 2019

ModifiedAug 4, 2024