CVE-2019-19273

On Samsung mobile devices with O(8.0) and P(9.0) software and an Exynos 8895 chipset, RKP (aka the Samsung Hypervisor EL2 implementation) allows arbitrary memory write operations. The Samsung ID is SVE-2019-16265.

CVSS v3 7.8 HIGH
CVSS v2.0 7.2 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.2^/10

CVSS v2.0 : HIGH

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://census-labs.com/news/2020/10/08/samsung-hypervisor-rkp-arbitrary-zero-write/	Exploit Third Party Advisory
https://security.samsungmobile.com/securityUpdate.smsb	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:o:google:android:8.0:::::::*
	cpe:2.3:o:google:android:9.0:::::::*

OR	cpe:2.3:h:samsung:galaxy_note8:-:::::::*
	cpe:2.3:h:samsung:galaxy_s8:-:::::::*
	cpe:2.3:h:samsung:galaxy_s8_plus:-:::::::*

Configuration 2 (hide)

cpe:2.3:h:samsung:exynos_8895:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2020-02-04 16:15

Updated : 2024-02-28 17:28

NVD link : CVE-2019-19273

Mitre link : CVE-2019-19273

CVE.ORG link : CVE-2019-19273

JSON object : View

Products Affected

google

android

samsung

galaxy_note8
galaxy_s8
galaxy_s8_plus
exynos_8895

CWE

CWE-787

Out-of-bounds Write

{"id": "CVE-2019-19273", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2020-02-04T16:15:12.830", "references": [{"url": "https://census-labs.com/news/2020/10/08/samsung-hypervisor-rkp-arbitrary-zero-write/", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://security.samsungmobile.com/securityUpdate.smsb", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "On Samsung mobile devices with O(8.0) and P(9.0) software and an Exynos 8895 chipset, RKP (aka the Samsung Hypervisor EL2 implementation) allows arbitrary memory write operations. The Samsung ID is SVE-2019-16265."}, {"lang": "es", "value": "En dispositivos m\u00f3viles Samsung con versiones de software O(8.0) y P(9.0) y un chipset Exynos versi\u00f3n 8895, RKP (tambi\u00e9n se conoce como la implementaci\u00f3n Samsung Hypervisor EL2) permite operaciones de escritura de memoria arbitrarias. El ID de Samsung es SVE-2019-16265."}], "lastModified": "2020-11-10T19:38:43.583", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B578E383-0D77-4AC7-9C81-3F0B8C18E033"}, {"criteria": "cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8DFAAD08-36DA-4C95-8200-C29FE5B6B854"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:samsung:galaxy_note8:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B54A36F3-17EC-4D5B-9064-FFF449DE3E85"}, {"criteria": "cpe:2.3:h:samsung:galaxy_s8:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7CD40B60-8964-471B-9D8D-96F218980074"}, {"criteria": "cpe:2.3:h:samsung:galaxy_s8_plus:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "71B1548A-DF80-4530-8B0E-0B83D414AAD6"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:samsung:exynos_8895:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B8E735C6-FF25-4D8C-ACA0-D92DD8CD3F4E"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}