CVE-2019-9453

Name: CVE-2019-9453
Description: In the Android kernel in F2FS touch driver there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with system execution privileges needed. User interaction is not needed for exploitation.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severity: low (attack range: local)

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| linux (PTS) | jessie | 3.16.56-1+deb8u1 | vulnerable |
| | jessie (security) | 3.16.72-1 | vulnerable |
| | stretch | 4.9.189-3 | vulnerable |
| | stretch (security) | 4.9.168-1+deb9u5 | vulnerable |
| | buster | 4.19.67-2 | fixed |
| | buster (security) | 4.19.37-5+deb10u2 | vulnerable |
| | bullseye, sid | 5.2.9-2 | fixed |

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| linux | source | (unstable) | 5.2.6-1 | low | | |
| linux | source | buster | 4.19.67-1 | low | | |

Notes

https://git.kernel.org/linus/2777e654371dd4207a3a7f4fb5fa39550053a080
