PT-2019-10228 · Xiaomi+1 · Ft5X46 Touchscreen Driver+1

Leoaccount

Published

2019-02-25

Updated

2019-02-26

CVE-2018-20787

CVSS v2.0

7.1

High

Vector

AV:N/AC:M/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions: ft5x46 touchscreen driver for custom Linux kernels on the Xiaomi perseus-p-oss MIX 3 device through 2018-11-26

Description: The issue is caused by an integer overflow due to missing size argument checks in the tpdbg write function within the ft5x46 ts.c file. This can be exploited to crash a device via a syscall by a crafted application on a rooted device.

Recommendations: For the ft5x46 touchscreen driver for custom Linux kernels on the Xiaomi perseus-p-oss MIX 3 device through 2018-11-26, consider disabling the tpdbg write function in drivers/input/touchscreen/ft5x46/ft5x46 ts.c as a temporary workaround to prevent device crashes until a patch is available.

Fix

Integer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-190

Related Identifiers

CVE-2018-20787

Affected Products

Linux

Ft5X46 Touchscreen Driver

PT-2019-10228 · Xiaomi+1 · Ft5X46 Touchscreen Driver+1

CVE-2018-20787

Weakness Enumeration

Related Identifiers

Affected Products

References · 3