CVE-2019-2215
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interaction is required to exploit this vulnerability, however exploitation does require either the installation of a malicious local application or a separate vulnerability in a network facing application.Product: AndroidAndroid ID: A-141720095
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | Android | Kernel | affected |
Weaknesses
- Elevation of privilege
ADP Enrichment
CVE Program Container
Additional References
- https://source.android.com/security/bulletin/2019-10-01
- http://seclists.org/fulldisclosure/2019/Oct/38
- http://packetstormsecurity.com/files/154911/Android-Binder-Use-After-Free.html
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191030-01-binder-en
- https://security.netapp.com/advisory/ntap-20191031-0005/
- https://seclists.org/bugtraq/2019/Nov/11
- http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
- https://usn.ubuntu.com/4186-1/
- https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html
- http://packetstormsecurity.com/files/156495/Android-Binder-Use-After-Free.html
- https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html
CISA ADP Vulnrichment
- SSVC:
- Exploitation: active
- Automatable: no
- Technical Impact: total
Additional References
References
- https://source.android.com/security/bulletin/2019-10-01
- http://seclists.org/fulldisclosure/2019/Oct/38
- http://packetstormsecurity.com/files/154911/Android-Binder-Use-After-Free.html
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191030-01-binder-en
- https://security.netapp.com/advisory/ntap-20191031-0005/
- https://seclists.org/bugtraq/2019/Nov/11
- http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
- https://usn.ubuntu.com/4186-1/
- https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html
- http://packetstormsecurity.com/files/156495/Android-Binder-Use-After-Free.html
- https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.