CVE-2018-19939
Severity Score
7.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The Goodix GT9xx touchscreen driver for custom Linux kernels on Xiaomi daisy-o-oss and daisy-p-oss as used in Mi A2 Lite and RedMi6 pro devices through 2018-08-27 has a NULL pointer dereference in kfree after a kmalloc failure in gtp_read_Color in drivers/input/touchscreen/gt917d/gt9xx.c.
El controlador de pantalla táctil Goodix GT9xx para Linux Kernels personalizados en Xiaomi daisy-o-oss y daisy-p-oss, tal como se usa en los dispositivos Mi A2 Lite y RedMi6 pro hasta 27/08/2018, tiene una diferencia de puntero NULL en kfree después de una falla de kmalloc en gtp_read_Color en drivers / input / touchscreen / gt917d / gt9xx.c.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2018-12-07 CVE Reserved
- 2018-12-07 CVE Published
- 2024-08-05 CVE Updated
- 2024-10-16 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-476: NULL Pointer Dereference
CAPEC
References (1)
| URL | Tag | Source |
|---|---|---|
| https://github.com/MiCode/Xiaomi_Kernel_OpenSource/issues/972 | Issue Tracking |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Mi Search vendor "Mi" | Mi A2 Lite Firmware Search vendor "Mi" for product "Mi A2 Lite Firmware" | <= 2018-08-27 Search vendor "Mi" for product "Mi A2 Lite Firmware" and version " <= 2018-08-27" | - |
Affected
| in | Mi Search vendor "Mi" | Mi A2 Lite Search vendor "Mi" for product "Mi A2 Lite" | - | - |
Safe
|
| Mi Search vendor "Mi" | Redmi 6 Firmware Search vendor "Mi" for product "Redmi 6 Firmware" | <= 2018-08-27 Search vendor "Mi" for product "Redmi 6 Firmware" and version " <= 2018-08-27" | - |
Affected
| in | Mi Search vendor "Mi" | Redmi 6 Search vendor "Mi" for product "Redmi 6" | - | - |
Safe
|