CVE-2019-8413
UnknownEPSS 0.38%
Last modified
CVE-2019-8413 is a vulnerability of currently unknown severity. On Xiaomi MIX 2 devices with the 4.4.78 kernel, a NULL pointer dereference in the ioctl interface of the device file /dev/elliptic1 or /dev/elliptic0 causes a system crash via IOCTL 0x4008c575 (aka decimal 1074316661).. EPSS estimates a 0.38% chance of exploitation in the next 30 days.
Description
On Xiaomi MIX 2 devices with the 4.4.78 kernel, a NULL pointer dereference in the ioctl interface of the device file /dev/elliptic1 or /dev/elliptic0 causes a system crash via IOCTL 0x4008c575 (aka decimal 1074316661).
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Mi | Mi Mix 2 Firmware | 4.4.78 |
References
- https://github.com/datadancer/HIAFuzz/blob/master/MIX2_elliptic.mdExploit, Third Party Advisory
- https://github.com/datadancer/HIAFuzz/blob/master/MIX2_elliptic.mdExploit, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2019-8413?
On Xiaomi MIX 2 devices with the 4.4.78 kernel, a NULL pointer dereference in the ioctl interface of the device file /dev/elliptic1 or /dev/elliptic0 causes a system crash via IOCTL 0x4008c575 (aka decimal 1074316661).
How severe is CVE-2019-8413?
Severity scoring for CVE-2019-8413 is pending analysis. The EPSS model estimates a 0.38% probability of exploitation in the next 30 days.
How do I fix CVE-2019-8413?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.
Are you affected by CVE-2019-8413?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST