CVE-2019-9455

Published: Sep 6, 2019Modified: Nov 21, 2024

2.3

Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

Exploitability: 0.8 / Impact: 1.4

Source: NVD

Description

In the Android kernel in the video driver there is a kernel pointer leak due to a WARN_ON statement. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.

Affected (2)

Products: Google: Android · Opensuse: Leap

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Google Android	All versions

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Opensuse Leap	Version 15.1

Related CWEs

CWE-209

Generation of Error Message Containing Sensitive Information

The product generates an error message that includes sensitive information about its environment, users, or associated data.

CWE-617

Reachable Assertion

The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

References (4)

http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html

Source: security@android.com

Mailing ListThird Party Advisory

https://source.android.com/security/bulletin/pixel/2019-09-01

Source: security@android.com

Vendor Advisory

http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://source.android.com/security/bulletin/pixel/2019-09-01

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.