What is CVE-2019-19273?

CVE-2019-19273 is a high-severity vulnerability in Google Android, classified under Out-of-bounds Write. CVSS score: 7.8/10. Published 2020-02-04.

How severe is CVE-2019-19273?

High severity. CVSS v3 base score is 7.8 out of 10.

Buffer overflow in Google Android

CVE-2019-19273

On Samsung mobile devices with O(8.0) and P(9.0) software and an Exynos 8895 chipset, RKP (aka the Samsung Hypervisor EL2 implementation) allows arbitrary memory write operations. The Samsung ID is SVE-2019-16265.

Vulnerability class: Buffer Overflow

EPSS: 0.002 (12.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.8 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

Google Android — versions 8.0, 9.0
Samsung Exynos_8895
Samsung Galaxy_note8
Samsung Galaxy_s8
Samsung Galaxy_s8_plus
N/a — versions n/a

Weakness classification (CWE)

CWE-787 — Out-of-bounds Write

References

cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
cve@mitre.org (Exploit, Third Party Advisory, x_refsource_MISC)

Frequently asked questions

What is CVE-2019-19273?: CVE-2019-19273 is a high-severity vulnerability in Google Android, classified under Out-of-bounds Write. CVSS score: 7.8/10. Published 2020-02-04.
How severe is CVE-2019-19273?: High severity. CVSS v3 base score is 7.8 out of 10.