CVE-2019-9111

Name of the Vulnerable Software and Affected Versions msm gpu driver for custom Linux kernels on the Xiaomi perseus-p-oss MIX 3 device through 2018-11-26

Description The issue is caused by an integer overflow due to missing checks of the count argument in the sde evtlog filter write function in drivers/gpu/drm/msm/sde dbg.c. This can be exploited to cause a device crash via a syscall by a crafted application on a rooted device.

Recommendations For the msm gpu driver for custom Linux kernels on the Xiaomi perseus-p-oss MIX 3 device through 2018-11-26, consider disabling the sde evtlog filter write function as a temporary workaround until a patch is available. Restrict access to the drivers/gpu/drm/msm/sde dbg.c module to minimize the risk of exploitation. Avoid using the count argument in the affected syscall until the issue is resolved.