{
  "threat_severity" : "Moderate",
  "public_date" : "2019-09-03T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: out of bounds write in i2c driver leads to local escalation of privilege",
    "id" : "1818818",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1818818"
  },
  "cvss3" : {
    "cvss3_base_score" : "6.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
    "status" : "verified"
  },
  "cwe" : "(CWE-787|CWE-119)",
  "details" : [ "In the Android kernel in i2c driver there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.", "An out-of-bounds write flaw was found in the i2c driver in the Linux kernel. This flaw allows an attacker to escalate privileges with system execution privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2020-09-29T00:00:00Z",
    "advisory" : "RHSA-2020:4062",
    "cpe" : "cpe:/a:redhat:rhel_extras_rt:7",
    "package" : "kernel-rt-0:3.10.0-1160.rt56.1131.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2020-05-12T00:00:00Z",
    "advisory" : "RHSA-2020:2104",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "kernel-alt-0:4.14.0-115.21.2.el7a"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2020-09-29T00:00:00Z",
    "advisory" : "RHSA-2020:4060",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "kernel-0:3.10.0-1160.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.4 Advanced Update Support",
    "release_date" : "2020-12-15T00:00:00Z",
    "advisory" : "RHSA-2020:5430",
    "cpe" : "cpe:/o:redhat:rhel_aus:7.4",
    "package" : "kernel-0:3.10.0-693.81.1.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.4 Telco Extended Update Support",
    "release_date" : "2020-12-15T00:00:00Z",
    "advisory" : "RHSA-2020:5430",
    "cpe" : "cpe:/o:redhat:rhel_tus:7.4",
    "package" : "kernel-0:3.10.0-693.81.1.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions",
    "release_date" : "2020-12-15T00:00:00Z",
    "advisory" : "RHSA-2020:5430",
    "cpe" : "cpe:/o:redhat:rhel_e4s:7.4",
    "package" : "kernel-0:3.10.0-693.81.1.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.6 Extended Update Support",
    "release_date" : "2020-12-22T00:00:00Z",
    "advisory" : "RHSA-2020:5656",
    "cpe" : "cpe:/o:redhat:rhel_eus:7.6",
    "package" : "kernel-0:3.10.0-957.65.1.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.7 Extended Update Support",
    "release_date" : "2020-11-24T00:00:00Z",
    "advisory" : "RHSA-2020:5206",
    "cpe" : "cpe:/o:redhat:rhel_eus:7.7",
    "package" : "kernel-0:3.10.0-1062.40.1.el7"
  }, {
    "product_name" : "Red Hat Virtualization 4.2 for Red Hat Enterprise Linux 7.6 EUS",
    "release_date" : "2020-12-22T00:00:00Z",
    "advisory" : "RHSA-2020:5656",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7::hypervisor",
    "package" : "kernel-0:3.10.0-957.65.1.el7"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise MRG 2",
    "fix_state" : "Will not fix",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/a:redhat:enterprise_mrg:2"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2019-9454\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-9454" ],
  "name" : "CVE-2019-9454",
  "mitigation" : {
    "value" : "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
    "lang" : "en:us"
  },
  "csaw" : false
}