CVE-2018-19939

Published: Dec 7, 2018Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

The Goodix GT9xx touchscreen driver for custom Linux kernels on Xiaomi daisy-o-oss and daisy-p-oss as used in Mi A2 Lite and RedMi6 pro devices through 2018-08-27 has a NULL pointer dereference in kfree after a kmalloc failure in gtp_read_Color in drivers/input/touchscreen/gt917d/gt9xx.c.

Affected (2)

Products: Mi: Mi A2 Lite Firmware, Redmi 6 Firmware

2 products

Mi A2 Lite Firmware

Redmi 6 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mi Mi A2 Lite Firmware	Up to 2018-08-27

Running on/with	Platform Versions
Mi Mi A2 Lite	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mi Redmi 6 Firmware	Up to 2018-08-27

Running on/with	Platform Versions
Mi Redmi 6	All versions

Related CWEs

NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

References (2)

https://github.com/MiCode/Xiaomi_Kernel_OpenSource/issues/972

Source: cve@mitre.org

Issue TrackingThird Party Advisory

https://github.com/MiCode/Xiaomi_Kernel_OpenSource/issues/972

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party Advisory

Timeline

No history available yet.