CVE-2019-2215
Severity CVSS v4.0:
Pending analysis
Type:
CWE-416
Use After Free
Publication date:
11/10/2019
Last modified:
04/04/2025
Description
A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interaction is required to exploit this vulnerability, however exploitation does require either the installation of a malicious local application or a separate vulnerability in a network facing application.Product: AndroidAndroid ID: A-141720095
Impact
Base Score 3.x
7.80
Severity 3.x
HIGH
Base Score 2.0
4.60
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:google:android:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* | ||
| cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:* | ||
| cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:* | ||
| cpe:2.3:a:netapp:data_availability_services:-:*:*:*:*:*:*:* | ||
| cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:* | ||
| cpe:2.3:a:netapp:service_processor:-:*:*:*:*:*:*:* | ||
| cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:* | ||
| cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:netapp:solidfire_baseboard_management_controller_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:netapp:solidfire_baseboard_management_controller:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:netapp:aff_baseboard_management_controller_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:netapp:aff_baseboard_management_controller:a700s:*:*:*:*:*:*:* | ||
| cpe:2.3:o:netapp:a320_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:netapp:a320:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://packetstormsecurity.com/files/154911/Android-Binder-Use-After-Free.html
- http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
- http://packetstormsecurity.com/files/156495/Android-Binder-Use-After-Free.html
- http://seclists.org/fulldisclosure/2019/Oct/38
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191030-01-binder-en
- https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html
- https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html
- https://seclists.org/bugtraq/2019/Nov/11
- https://security.netapp.com/advisory/ntap-20191031-0005/
- https://source.android.com/security/bulletin/2019-10-01
- https://usn.ubuntu.com/4186-1/
- http://packetstormsecurity.com/files/154911/Android-Binder-Use-After-Free.html
- http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
- http://packetstormsecurity.com/files/156495/Android-Binder-Use-After-Free.html
- http://seclists.org/fulldisclosure/2019/Oct/38
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191030-01-binder-en
- https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html
- https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html
- https://seclists.org/bugtraq/2019/Nov/11
- https://security.netapp.com/advisory/ntap-20191031-0005/
- https://source.android.com/security/bulletin/2019-10-01
- https://usn.ubuntu.com/4186-1/