Vulnerability Details CVE-2019-9445
In the Android kernel in F2FS driver there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with system execution privileges needed. User interaction is not needed for exploitation.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 47.3%
CVSS Severity
CVSS v3 Score 4.4
CVSS v2 Score 2.1
References
- https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html
- https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html
- https://source.android.com/security/bulletin/pixel/2019-09-01
- https://usn.ubuntu.com/4526-1/
- https://usn.ubuntu.com/4527-1/
- https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html
- https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html
- https://source.android.com/security/bulletin/pixel/2019-09-01
- https://usn.ubuntu.com/4526-1/
- https://usn.ubuntu.com/4527-1/
Products affected by CVE-2019-9445
-
cpe:2.3:o:canonical:ubuntu_linux:14.04
-
cpe:2.3:o:canonical:ubuntu_linux:16.04
-
cpe:2.3:o:canonical:ubuntu_linux:18.04
-
cpe:2.3:o:debian:debian_linux:9.0
-
cpe:2.3:o:google:android:-