CVE-2019-9455Information Exposure via Error Message in Linux

CWE-209Information Exposure via Error MessageCWE-617Reachable AssertionCWE-200Sensitive Information Exposure7 documents6 sources
Severity
2.3LOWNVD
EPSS
0.0%
top 93.90%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Linux KernelDebian LinuxOpensuse Leap
Timeline
PublishedSep 6
Latest updateMay 24

Description

In the Android kernel in the video driver there is a kernel pointer leak due to a WARN_ON statement. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:NExploitability: 0.8 | Impact: 1.4

Affected Packages3 packages

Debianlinux/linux_kernel< 4.19.37-1+3
debiandebian/linux< linux 4.19.37-1 (bookworm)
NVDopensuse/leap15.1

🔴Vulnerability Details

2
GHSA
GHSA-4m68-w7c2-h86j: In the Android kernel in the video driver there is a kernel pointer leak due to a WARN_ON statement2022-05-24
OSV
CVE-2019-9455: In the Android kernel in the video driver there is a kernel pointer leak due to a WARN_ON statement2019-09-06

📋Vendor Advisories

2
Red Hat
kernel: kernel pointer leak due to WARN_ON statement in video driver leads to local information disclosure2019-09-03
Debian
CVE-2019-9455: linux - In the Android kernel in the video driver there is a kernel pointer leak due to ...2019

💬Community

2
Bugzilla
CVE-2019-9455 kernel: kernel pointer leak due to WARN_ON statement in video driver leads to local information disclosure [fedora-all]2020-03-31
Bugzilla
CVE-2019-9455 kernel: kernel pointer leak due to WARN_ON statement in video driver leads to local information disclosure2020-03-31