CVE-2019-9456 — Out-of-bounds Write in Linux

CWE-787 — Out-of-bounds Write CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer7 documents6 sources

Severity

6.7MEDIUMNVD

EPSS

0.0%

top 89.53%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel Debian Linux Opensuse Leap

Timeline

PublishedSep 6

Latest updateMay 24

Description

In the Android kernel in Pixel C USB monitor driver there is a possible OOB write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages3 packages

▶Debianlinux/linux_kernel< 4.15.11-1+3

▶debiandebian/linux< linux 4.15.11-1 (bookworm)

▶NVDopensuse/leap15.0, 15.1+1

Patches

Patch: source.android.com ↗Patch: source.android.com ↗

🔴Vulnerability Details

GHSA

GHSA-hg44-2qxp-fx9c: In the Android kernel in Pixel C USB monitor driver there is a possible OOB write due to a missing bounds check↗2022-05-24

▶

OSV

CVE-2019-9456: In the Android kernel in Pixel C USB monitor driver there is a possible OOB write due to a missing bounds check↗2019-09-06

▶

📋Vendor Advisories

Red Hat

kernel: OOB write due to missing bounds check leads to local privilege escalation↗2019-09-03

▶

Debian

CVE-2019-9456: linux - In the Android kernel in Pixel C USB monitor driver there is a possible OOB writ...↗2019

▶

💬Community

Bugzilla

CVE-2019-9456 kernel: OOB write due to missing bounds check leads to local privilege escalation↗2020-03-31

▶

Bugzilla

CVE-2019-9456 kernel: OOB write due to missing bounds check leads to local privilege escalation [fedora-all]↗2020-03-31

▶