CVE Vulnerability

CVE-2018-20787

The ft5x46 touchscreen driver for custom Linux kernels on the Xiaomi perseus-p-oss MIX 3 device through 2018-11-26 has an integer overflow and OOPS because of missing checks of the size argument in tpdbg_write in drivers/input/touchscreen/ft5x46/ft5x46_ts.c. This is exploitable for a device crash via a syscall by a crafted application on a rooted device.

7.1 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8.6 / Impact : 6.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

Scope

5.5 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://github.com/MiCode/Xiaomi_Kernel_OpenSource/issues/991 Third Party Advisory
Configurations

Configuration 1

cpe:2.3:o:micode:xiaomi_perseus-p-oss:*:*:*:*:*:*:*:*
Information

Published : 2019-02-25 04:29

Updated : 2019-02-26 04:58

NVD link : CVE-2018-20787

Mitre link : CVE-2018-20787

Products Affected
No products.
CWE
CWE-190