CVE-2019-9453: Improper Input Validation in Linux

Severity: 4.4 MEDIUM (NVD); 4.7 (OSV)
EPSS: 0.0% (top 89.45%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Sep 6; Latest update May 24

Description

In the Android kernel in F2FS touch driver there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with system execution privileges needed. User interaction is not needed for exploitation.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Exploitability: 0.8 | Impact: 3.6

Affected Packages (3 packages)

Debian: linux/linux_kernel < 5.2.6-1+3
Ubuntu: linux/linux_kernel < 4.4.0-190.220
debian: debian/linux < linux 5.2.6-1 (bookworm)

Also affects: Ubuntu Linux 14.04, 16.04

Patches

🔴 Vulnerability Details (3)

GHSA (2022-05-24): GHSA-3c2h-g633-rm9x: In the Android kernel in F2FS touch driver there is a possible out of bounds read due to improper input validation
OSV (2020-09-24): linux, linux-aws, linux-kvm, linux-lts-xenial, linux-raspi2, linux-snapdragon vulnerabilities
OSV (2019-09-06): CVE-2019-9453: In the Android kernel in F2FS touch driver there is a possible out of bounds read due to improper input validation

📋 Vendor Advisories (3)

Ubuntu (2020-09-24): Linux kernel vulnerabilities
Red Hat (2019-09-03): kernel: out of bounds read in F2FS touch driver leads to local information disclosure
Debian (2019): CVE-2019-9453: linux - In the Android kernel in F2FS touch driver there is a possible out of bounds rea...

💬 Community (2)

Bugzilla (2020-03-31): CVE-2019-9453 kernel: out of bounds read in F2FS touch driver leads to local information disclosure [fedora-all]
Bugzilla (2020-03-31): CVE-2019-9453 kernel: out of bounds read in F2FS touch driver leads to local information disclosure