CVE-2019-19273 - OpenCVE

On Samsung mobile devices with O(8.0) and P(9.0) software and an Exynos 8895 chipset, RKP (aka the Samsung Hypervisor EL2 implementation) allows arbitrary memory write operations. The Samsung ID is SVE-2019-16265.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Samsung	Exynos 8895 Galaxy Note8 Galaxy S8 Plus Galaxy S8
Google	Android

Configuration 1 [-]

AND

OR	cpe:2.3:o:google:android:8.0:::::::*
	cpe:2.3:o:google:android:9.0:::::::*

OR	cpe:2.3:h:samsung:galaxy_note8:-:::::::*
	cpe:2.3:h:samsung:galaxy_s8:-:::::::*
	cpe:2.3:h:samsung:galaxy_s8_plus:-:::::::*

Configuration 2 [-]

cpe:2.3:h:samsung:exynos_8895:-:*:*:*:*:*:*:*

References

Link	Resource
https://census-labs.com/news/2020/10/08/samsung-hypervisor-rkp-arbitrary-zero-write/	Exploit Third Party Advisory
https://security.samsungmobile.com/securityUpdate.smsb	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2020-02-04T15:46:12

Updated: 2020-10-22T18:32:09

Reserved: 2019-11-26T00:00:00

Link: CVE-2019-19273

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-02-04T16:15:12.830

Modified: 2020-11-10T19:38:43.583

Link: CVE-2019-19273

JSON object: View

Redhat Information

No data.

CWE

CWE-787

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "On Samsung mobile devices with O(8.0) and P(9.0) software and an Exynos 8895 chipset, RKP (aka the Samsung Hypervisor EL2 implementation) allows arbitrary memory write operations. The Samsung ID is SVE-2019-16265."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-10-22T18:32:09", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://security.samsungmobile.com/securityUpdate.smsb"}, {"tags": ["x_refsource_MISC"], "url": "https://census-labs.com/news/2020/10/08/samsung-hypervisor-rkp-arbitrary-zero-write/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-19273", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "On Samsung mobile devices with O(8.0) and P(9.0) software and an Exynos 8895 chipset, RKP (aka the Samsung Hypervisor EL2 implementation) allows arbitrary memory write operations. The Samsung ID is SVE-2019-16265."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://security.samsungmobile.com/securityUpdate.smsb", "refsource": "CONFIRM", "url": "https://security.samsungmobile.com/securityUpdate.smsb"}, {"name": "https://census-labs.com/news/2020/10/08/samsung-hypervisor-rkp-arbitrary-zero-write/", "refsource": "MISC", "url": "https://census-labs.com/news/2020/10/08/samsung-hypervisor-rkp-arbitrary-zero-write/"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-19273", "datePublished": "2020-02-04T15:46:12", "dateReserved": "2019-11-26T00:00:00", "dateUpdated": "2020-10-22T18:32:09", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "B578E383-0D77-4AC7-9C81-3F0B8C18E033", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "8DFAAD08-36DA-4C95-8200-C29FE5B6B854", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:samsung:galaxy_note8:-:*:*:*:*:*:*:*", "matchCriteriaId": "B54A36F3-17EC-4D5B-9064-FFF449DE3E85", "vulnerable": false}, {"criteria": "cpe:2.3:h:samsung:galaxy_s8:-:*:*:*:*:*:*:*", "matchCriteriaId": "7CD40B60-8964-471B-9D8D-96F218980074", "vulnerable": false}, {"criteria": "cpe:2.3:h:samsung:galaxy_s8_plus:-:*:*:*:*:*:*:*", "matchCriteriaId": "71B1548A-DF80-4530-8B0E-0B83D414AAD6", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:samsung:exynos_8895:-:*:*:*:*:*:*:*", "matchCriteriaId": "B8E735C6-FF25-4D8C-ACA0-D92DD8CD3F4E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "On Samsung mobile devices with O(8.0) and P(9.0) software and an Exynos 8895 chipset, RKP (aka the Samsung Hypervisor EL2 implementation) allows arbitrary memory write operations. The Samsung ID is SVE-2019-16265."}, {"lang": "es", "value": "En dispositivos m\u00f3viles Samsung con versiones de software O(8.0) y P(9.0) y un chipset Exynos versi\u00f3n 8895, RKP (tambi\u00e9n se conoce como la implementaci\u00f3n Samsung Hypervisor EL2) permite operaciones de escritura de memoria arbitrarias. El ID de Samsung es SVE-2019-16265."}], "id": "CVE-2019-19273", "lastModified": "2020-11-10T19:38:43.583", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-02-04T16:15:12.830", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://census-labs.com/news/2020/10/08/samsung-hypervisor-rkp-arbitrary-zero-write/"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://security.samsungmobile.com/securityUpdate.smsb"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}