1. CVE-Search
  2. CVE-2019-20607
ID CVE-2019-20607
Summary An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (MSM8996, MSM8998, Exynos7420, Exynos7870, Exynos8890, and Exynos8895 chipsets) software. A heap overflow in the keymaster Trustlet allows attackers to write to TEE memory, and achieve arbitrary code execution. The Samsung ID is SVE-2019-14126 (May 2019).
References
Vulnerable Configurations
  • cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:google:android:7.1.0:*:*:*:*:*:*:*
    cpe:2.3:o:google:android:7.1.0:*:*:*:*:*:*:*
  • cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*
    cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*
  • cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*
    cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*
  • cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*
    cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*
  • cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*
    cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*
  • cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*
    cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*
  • cpe:2.3:h:qualcomm:msm8996:-:*:*:*:*:*:*:*
    cpe:2.3:h:qualcomm:msm8996:-:*:*:*:*:*:*:*
  • cpe:2.3:h:qualcomm:msm8998:-:*:*:*:*:*:*:*
    cpe:2.3:h:qualcomm:msm8998:-:*:*:*:*:*:*:*
  • cpe:2.3:h:samsung:exynos_7420:-:*:*:*:*:*:*:*
    cpe:2.3:h:samsung:exynos_7420:-:*:*:*:*:*:*:*
  • cpe:2.3:h:samsung:exynos_7870:-:*:*:*:*:*:*:*
    cpe:2.3:h:samsung:exynos_7870:-:*:*:*:*:*:*:*
  • cpe:2.3:h:samsung:exynos_8890:-:*:*:*:*:*:*:*
    cpe:2.3:h:samsung:exynos_8890:-:*:*:*:*:*:*:*
  • cpe:2.3:h:samsung:exynos_8895:-:*:*:*:*:*:*:*
    cpe:2.3:h:samsung:exynos_8895:-:*:*:*:*:*:*:*
CVSS
Base: 10.0 (as of 30-03-2020 - 14:26)
Impact:
Exploitability:
CWE CWE-787
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:C/I:C/A:C
refmap via4
confirm https://security.samsungmobile.com/securityUpdate.smsb
Last major update 30-03-2020 - 14:26
Published 24-03-2020 - 20:15
Last modified 30-03-2020 - 14:26
Back to Top