Candidate: CVE-2019-2053
PublicDate: 2019-05-08 17:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2053
 https://source.android.com/security/bulletin/2019-05-01
Description:
 In wnm_parse_neighbor_report_elem of wnm_sta.c, there is a possible
 out-of-bounds read due to missing bounds check. This could lead to local
 information disclosure with no additional execution privileges needed. User
 interaction is not needed for exploitation. Product: Android Versions:
 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9
 Android ID: A-122074159
Ubuntu-Description:
Notes:
 mdeslaur> per upstream: The actual read bytes would be stored locally,
 mdeslaur> but they were not used for anything, so other than reading
 mdeslaur> beyond the end of an allocated heap memory buffer, this did not
 mdeslaur> result in any behavior difference or exposure of the bytes.
Bugs:
Priority: negligible
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N [5.5 MEDIUM]


Patches_wpa:
 upstream: https://w1.fi/cgit/hostap/commit/?id=e8ebef87cb4bb57a9d4b1ca3bc1ee2979ff8c297
upstream_wpa: needs-triage
precise/esm_wpa: DNE
trusty/esm_wpa: needed
xenial_wpa: ignored (end of standard support, was needed)
esm-infra/xenial_wpa: needed
bionic_wpa: needed
cosmic_wpa: ignored (reached end-of-life)
disco_wpa: ignored (reached end-of-life)
eoan_wpa: ignored (reached end-of-life)
focal_wpa: not-affected (2.9-1ubuntu4)
groovy_wpa: not-affected (2.9-1ubuntu4)
hirsute_wpa: not-affected (2.9-1ubuntu4)
impish_wpa: not-affected (2.9-1ubuntu4)
jammy_wpa: not-affected (2.9-1ubuntu4)
devel_wpa: not-affected (2.9-1ubuntu4)