PT-2019-19020 · Linux Foundation+1 · Linux+1
Published
2019-02-17
·
Updated
2022-09-22
·
CVE-2019-8413
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Xiaomi MIX 2 devices with kernel version 4.4.78
Description
A NULL pointer dereference issue exists in the ioctl interface of the device files
/dev/elliptic1 or /dev/elliptic0, which can cause a system crash when IOCTL 0x4008c575 (decimal 1074316661) is used.Recommendations
For Xiaomi MIX 2 devices with kernel version 4.4.78, as a temporary workaround, consider restricting access to the
/dev/elliptic1 and /dev/elliptic0 device files to minimize the risk of exploitation. Avoid using IOCTL 0x4008c575 in the affected ioctl interface until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.Exploit
NULL Pointer Dereference
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Linux
Xiaomi Mix 2