CVE-2019-16508 - Vulnerability Details - OpenCVE

The Imagination Technologies driver for Chrome OS before R74-11895.B, R75 before R75-12105.B, and R76 before R76-12208.0.0 allows attackers to trigger an Integer Overflow and gain privileges via a malicious application. This occurs because of intentional access for the GPU process to /dev/dri/card1 and the PowerVR ioctl handler, as demonstrated by PVRSRVBridgeSyncPrimOpCreate.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Google	Chrome Os

Configuration 1 [-]

OR	cpe:2.3:o:google:chrome_os::::::::
	cpe:2.3:o:google:chrome_os::::::::
	cpe:2.3:o:google:chrome_os::::::::

No data.

References

Link	Providers
https://bugs.chromium.org/p/chromium/issues/detail?id=960106

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2019-10-01T11:07:51

Updated: 2024-08-05T01:17:39.567Z

Reserved: 2019-09-19T00:00:00

Link: CVE-2019-16508

Vulnrichment

No data.

NVD

Status : Modified

Published: 2019-10-01T12:15:10.967

Modified: 2024-11-21T04:30:43.603

Link: CVE-2019-16508

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "The Imagination Technologies driver for Chrome OS before R74-11895.B, R75 before R75-12105.B, and R76 before R76-12208.0.0 allows attackers to trigger an Integer Overflow and gain privileges via a malicious application. This occurs because of intentional access for the GPU process to /dev/dri/card1 and the PowerVR ioctl handler, as demonstrated by PVRSRVBridgeSyncPrimOpCreate."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-10-01T11:07:51", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://bugs.chromium.org/p/chromium/issues/detail?id=960106"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-16508", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Imagination Technologies driver for Chrome OS before R74-11895.B, R75 before R75-12105.B, and R76 before R76-12208.0.0 allows attackers to trigger an Integer Overflow and gain privileges via a malicious application. This occurs because of intentional access for the GPU process to /dev/dri/card1 and the PowerVR ioctl handler, as demonstrated by PVRSRVBridgeSyncPrimOpCreate."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://bugs.chromium.org/p/chromium/issues/detail?id=960106", "refsource": "MISC", "url": "https://bugs.chromium.org/p/chromium/issues/detail?id=960106"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T01:17:39.567Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugs.chromium.org/p/chromium/issues/detail?id=960106"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-16508", "datePublished": "2019-10-01T11:07:51", "dateReserved": "2019-09-19T00:00:00", "dateUpdated": "2024-08-05T01:17:39.567Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:google:chrome_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "C195EFF6-0778-41B5-918A-769B7C48736F", "versionEndExcluding": "r74-11895.b", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:chrome_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "23316D84-3C63-40CC-8167-2BA3ADF428EB", "versionEndExcluding": "r75.12105.b", "versionStartIncluding": "r75", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:chrome_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "F6BF5E02-F65C-42BD-B413-48C865D0C3B6", "versionEndExcluding": "r76.12208.0.0", "versionStartIncluding": "r76", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The Imagination Technologies driver for Chrome OS before R74-11895.B, R75 before R75-12105.B, and R76 before R76-12208.0.0 allows attackers to trigger an Integer Overflow and gain privileges via a malicious application. This occurs because of intentional access for the GPU process to /dev/dri/card1 and the PowerVR ioctl handler, as demonstrated by PVRSRVBridgeSyncPrimOpCreate."}, {"lang": "es", "value": "El controlador Imagination Technologies para Chrome OS versiones anteriores a R74-11895.B, versiones R75 anteriores a R75-12105.B y versiones R76 anteriores a R76-12208.0.0, permite a los atacantes activar un Desbordamiento de Enteros y conseguir privilegios por medio de una aplicaci\u00f3n maliciosa. Esto ocurre debido al acceso intencional para el proceso GPU en el archivo /dev/dri/card1 y el manejador ioctl PowerVR, como es demostrado por la funci\u00f3n PVRSRVBridgeSyncPrimOpCreate."}], "id": "CVE-2019-16508", "lastModified": "2024-11-21T04:30:43.603", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-10-01T12:15:10.967", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Mailing List", "Vendor Advisory"], "url": "https://bugs.chromium.org/p/chromium/issues/detail?id=960106"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Mailing List", "Vendor Advisory"], "url": "https://bugs.chromium.org/p/chromium/issues/detail?id=960106"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-190"}], "source": "nvd@nist.gov", "type": "Primary"}]}