CVE-2019-8413

MEDIUM

Xiaomi MIX 2 Firmware - Denial of Service via IOCTL 0x4008c575

Title source: llm
STIX 2.1

Description

On Xiaomi MIX 2 devices with the 4.4.78 kernel, a NULL pointer dereference in the ioctl interface of the device file /dev/elliptic1 or /dev/elliptic0 causes a system crash via IOCTL 0x4008c575 (aka decimal 1074316661).

References (1)

Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://github.com/datadancer/HIAFuzz/blob/master/MIX2_elliptic.md

Scores

CVSS v3 5.5
EPSS 0.0038
EPSS Percentile 30.0%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-476
Status published
Products (1)
mi/mi_mix_2_firmware 4.4.78
Published Feb 17, 2019
Tracked Since Feb 18, 2026