CVE-2019-9455

Advisory lineage Upstream: 0 Downstream: 17

Downstream

DEBIAN-CVE-2019-9455 OPENSUSE-SU-2020:0801-1 RHSA-2020:4431 RHSA-2020:4609 SUSE-SU-2020:1255-1 SUSE-SU-2020:1275-1

Modified

Published: 06 Sept 2019, 21:51

Last modified:04 Aug 2024, 21:46

Vulnerability Summary

Overall Risk (default)

minimal

9/100

CVSS Score

2.3 LOW

v3.1 (nvd)

EPSS Score

0.02% LOW

0% probability 0.00%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

06 Sept 2019, 21:51

Published

Vulnerability first disclosed

04 Aug 2024, 21:46

Last Modified

Vulnerability information updated

Description

In the Android kernel in the video driver there is a kernel pointer leak due to a WARN_ON statement. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.

CVSS Metrics

v3.1•LOW•Score: 2.3CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
v2.0•LOW•Score: 2.1AV:L/AC:L/Au:N/C:P/I:N/A:N

EPSS Trends

Current EPSS score: 0.02%• Percentile: 7%

Techniques & Countermeasures

CWE-209•Generation of Error Message Containing Sensitive Information
The product generates an error message that includes sensitive information about its environment, users, or associated data.
CWE-617•Reachable Assertion
The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

Affected Systems

google•android
na
opensuse•leap
15.1