Bug 1150028 - (CVE-2019-9453) VUL-1: CVE-2019-9453: kernel-source: F2FS touch driver has a possible out of bounds read due to improper input validation
Status: RESOLVED INVALID
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P4 - Low, Severity: Minor
Assigned To: Security Team bot
https://smash.suse.de/issue/241936/
CVSSv2:NVD:CVE-2019-9453:2.1:(AV:L/A...
Reported: 2019-09-09 14:05 UTC by Alexander Bergmann
Modified: 2019-11-20 16:13 UTC
Found By: Security Response Team
Description Alexander Bergmann 2019-09-09 14:05:43 UTC
CVE-2019-9453

In the Android kernel in F2FS touch driver there is a possible out of bounds
read due to improper input validation. This could lead to local information
disclosure with system execution privileges needed. User interaction is not
needed for exploitation.

Upstream patch:
https://lore.kernel.org/patchwork/patch/1060480/

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9453
http://www.cvedetails.com/cve/CVE-2019-9453/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9453
https://source.android.com/security/bulletin/pixel/2019-09-01
Comment 1 Takashi Iwai 2019-09-09 16:25:17 UTC
We disable f2fs on all branches explicitly, so unaffected.
Reassigned back to security team.
Comment 2 Alexander Bergmann 2019-11-20 16:13:33 UTC
Issue does not affect SUSE or openSUSE.