CVE-2019-9445

In the Android kernel in F2FS driver there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with system execution privileges needed. User interaction is not needed for exploitation.

CVSS v3.0 4.4 MEDIUM
CVSS v2.0 2.1 LOW

4.4^/10

CVSS v3.0 : MEDIUM

Vector : AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Exploitability : 0.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

2.1^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://source.android.com/security/bulletin/pixel/2019-09-01	Vendor Advisory
https://usn.ubuntu.com/4527-1/
https://usn.ubuntu.com/4526-1/
https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html
https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html

Configurations

Configuration 1 (hide)

cpe:2.3:o:google:android:-:*:*:*:*:*:*:*

Information

Published : 2019-09-06 22:15

Updated : 2020-11-02 21:15

NVD link : CVE-2019-9445

Mitre link : CVE-2019-9445

JSON object : View

Products Affected

google

android

CWE

CWE-125

Out-of-bounds Read

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://source.android.com/security/bulletin/pixel/2019-09-01", "name": "https://source.android.com/security/bulletin/pixel/2019-09-01", "tags": ["Vendor Advisory"], "refsource": "MISC"}, {"url": "https://usn.ubuntu.com/4527-1/", "name": "USN-4527-1", "tags": [], "refsource": "UBUNTU"}, {"url": "https://usn.ubuntu.com/4526-1/", "name": "USN-4526-1", "tags": [], "refsource": "UBUNTU"}, {"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html", "name": "[debian-lts-announce] 20201031 [SECURITY] [DLA 2420-2] linux regression update", "tags": [], "refsource": "MLIST"}, {"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html", "name": "[debian-lts-announce] 20201030 [SECURITY] [DLA 2420-1] linux security update", "tags": [], "refsource": "MLIST"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "In the Android kernel in F2FS driver there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with system execution privileges needed. User interaction is not needed for exploitation."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-125"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2019-9445", "ASSIGNER": "security@android.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "LOW", "acInsufInfo": false, "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 4.4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 0.8}}, "publishedDate": "2019-09-06T22:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2020-11-02T21:15Z"}