PT-2019-14677 · Google+1 · Chrome Os+1

Published

2019-10-01

Updated

2019-10-08

CVE-2019-16508

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Imagination Technologies driver for Chrome OS versions prior to R74-11895.B Imagination Technologies driver for Chrome OS versions prior to R75-12105.B Imagination Technologies driver for Chrome OS versions prior to R76-12208.0.0

Description The issue allows attackers to trigger an Integer Overflow and gain privileges via a malicious application. This occurs because of intentional access for the GPU process to /dev/dri/card1 and the PowerVR ioctl handler.

Recommendations For versions prior to R74-11895.B, update to R74-11895.B or later. For versions prior to R75-12105.B, update to R75-12105.B or later. For versions prior to R76-12208.0.0, update to R76-12208.0.0 or later.

Exploit

Fix

Integer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-190

Related Identifiers

CVE-2019-16508

Affected Products

Chrome Os

Imagination Technologies Driver

PT-2019-14677 · Google+1 · Chrome Os+1

CVE-2019-16508

Weakness Enumeration

Related Identifiers

Affected Products

References · 3