CVE-2018-19939

Name of the Vulnerable Software and Affected Versions Goodix GT9xx touchscreen driver versions prior to the version that fixes the NULL pointer dereference issue

Description The issue is related to a NULL pointer dereference in the kfree function after a kmalloc failure in the gtp read Color function, located in the gt9xx.c file. This problem affects custom Linux kernels on specific Xiaomi devices, including Mi A2 Lite and RedMi6 pro, as used through 2018-08-27.

Recommendations For the Goodix GT9xx touchscreen driver, as a temporary workaround, consider disabling the gtp read Color function in the gt9xx.c file until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.