CVE-2018-20787

Name of the Vulnerable Software and Affected Versions: ft5x46 touchscreen driver for custom Linux kernels on the Xiaomi perseus-p-oss MIX 3 device through 2018-11-26

Description: The issue is caused by an integer overflow due to missing size argument checks in the tpdbg write function within the ft5x46 ts.c file. This can be exploited to crash a device via a syscall by a crafted application on a rooted device.

Recommendations: For the ft5x46 touchscreen driver for custom Linux kernels on the Xiaomi perseus-p-oss MIX 3 device through 2018-11-26, consider disabling the tpdbg write function in drivers/input/touchscreen/ft5x46/ft5x46 ts.c as a temporary workaround to prevent device crashes until a patch is available.