Vulnerability Details CVE-2018-19939
The Goodix GT9xx touchscreen driver for custom Linux kernels on Xiaomi daisy-o-oss and daisy-p-oss as used in Mi A2 Lite and RedMi6 pro devices through 2018-08-27 has a NULL pointer dereference in kfree after a kmalloc failure in gtp_read_Color in drivers/input/touchscreen/gt917d/gt9xx.c.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 60.2%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
Products affected by CVE-2018-19939
-
cpe:2.3:h:mi:mi_a2_lite:-
-
cpe:2.3:h:mi:redmi_6:-
-
cpe:2.3:o:mi:mi_a2_lite_firmware:-
-
cpe:2.3:o:mi:mi_a2_lite_firmware:2018-08-27
-
cpe:2.3:o:mi:redmi_6_firmware:-
-
cpe:2.3:o:mi:redmi_6_firmware:2018-08-27