CVE-2019-20607

An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (MSM8996, MSM8998, Exynos7420, Exynos7870, Exynos8890, and Exynos8895 chipsets) software. A heap overflow in the keymaster Trustlet allows attackers to write to TEE memory, and achieve arbitrary code execution. The Samsung ID is SVE-2019-14126 (May 2019).
References
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:7.1.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*
cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*
cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*
cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*
OR cpe:2.3:h:qualcomm:msm8996:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:msm8998:-:*:*:*:*:*:*:*
cpe:2.3:h:samsung:exynos_7420:-:*:*:*:*:*:*:*
cpe:2.3:h:samsung:exynos_7870:-:*:*:*:*:*:*:*
cpe:2.3:h:samsung:exynos_8890:-:*:*:*:*:*:*:*
cpe:2.3:h:samsung:exynos_8895:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2020-03-24 20:15

Updated : 2024-02-28 17:47


NVD link : CVE-2019-20607

Mitre link : CVE-2019-20607

CVE.ORG link : CVE-2019-20607


JSON object : View

Products Affected

samsung

  • exynos_8890
  • exynos_7870
  • exynos_8895
  • exynos_7420

qualcomm

  • msm8996
  • msm8998

google

  • android
CWE
CWE-787

Out-of-bounds Write