Vulnerabilities > CVE-2019-19273 - Out-of-bounds Write vulnerability in multiple products

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

google

samsung

CWE-787

NVD

Published: 2020-02-04

Updated: 2020-11-10

Summary

On Samsung mobile devices with O(8.0) and P(9.0) software and an Exynos 8895 chipset, RKP (aka the Samsung Hypervisor EL2 implementation) allows arbitrary memory write operations. The Samsung ID is SVE-2019-16265.

Vulnerable Configurations

Part	Description	Count
OS	Google Google Android 8.0 Google Android 9.0	2
Hardware	Samsung Samsung Galaxy Note8 - Samsung Galaxy S8 - Samsung Galaxy S8 Plus - Samsung Exynos 8895 -	4

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://security.samsungmobile.com/securityUpdate.smsb
https://census-labs.com/news/2020/10/08/samsung-hypervisor-rkp-arbitrary-zero-write/