Bug 1172196 - (CVE-2019-9445) VUL-0: CVE-2019-9445: kernel-source: out of bounds read due to missing bounds check in F2FS driver leads to local information disclosure
(CVE-2019-9445)
VUL-0: CVE-2019-9445: kernel-source: out of bounds read due to missing bounds...
Status: RESOLVED UPSTREAM
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P5 - None : Normal
: ---
Assigned To: Kernel Bugs
Security Team bot
https://smash.suse.de/issue/241959/
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2020-05-27 14:44 UTC by Alexandros Toptsoglou
Modified: 2020-05-27 14:45 UTC (History)
1 user (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Alexandros Toptsoglou 2020-05-27 14:44:35 UTC
CVE-2019-9445

A vulnerability was found in F2FS driver in Kernel where there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with system execution privileges needed. User interaction is not needed for exploitation.

References:

https://source.android.com/security/bulletin/pixel/2019-09-01

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1819384
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9445
http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9445.html
https://access.redhat.com/security/cve/CVE-2019-9445
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9445
https://source.android.com/security/bulletin/pixel/2019-09-01
Comment 1 Alexandros Toptsoglou 2020-05-27 14:45:10 UTC
We do not support F2FS