Vulnerabilities > CVE-2019-8413 - NULL Pointer Dereference vulnerability in MI MIX 2 Firmware 4.4.78

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

local

low complexity

CWE-476

NVD

Published: 2019-02-17

Updated: 2022-09-22

Summary

On Xiaomi MIX 2 devices with the 4.4.78 kernel, a NULL pointer dereference in the ioctl interface of the device file /dev/elliptic1 or /dev/elliptic0 causes a system crash via IOCTL 0x4008c575 (aka decimal 1074316661).

Vulnerable Configurations

Part	Description	Count
OS	Mi MI MI MIX 2 Firmware 4.4.78	1
Hardware	Mi MI MI MIX 2 -	1

Common Weakness Enumeration (CWE)

CWE-476 - NULL Pointer Dereference

References

https://github.com/datadancer/HIAFuzz/blob/master/MIX2_elliptic.md