CVE-2019-2215

A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interaction is required to exploit this vulnerability, however exploitation does require either the installation of a malicious local application or a separate vulnerability in a network facing application.Product: AndroidAndroid ID: A-141720095

CVSS v3 7.8 HIGH
CVSS v2.0 4.6 MEDIUM

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

4.6^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 3.9 / Impact : 6.4

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://packetstormsecurity.com/files/154911/Android-Binder-Use-After-Free.html
http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
http://packetstormsecurity.com/files/156495/Android-Binder-Use-After-Free.html
http://seclists.org/fulldisclosure/2019/Oct/38
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191030-01-binder-en
https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html
https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html
https://seclists.org/bugtraq/2019/Nov/11
https://security.netapp.com/advisory/ntap-20191031-0005/
https://source.android.com/security/bulletin/2019-10-01	Vendor Advisory
https://usn.ubuntu.com/4186-1/

Configurations

Configuration 1 (hide)

cpe:2.3:o:google:android:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2019-10-11 19:15

Updated : 2023-12-10 13:13

NVD link : CVE-2019-2215

Mitre link : CVE-2019-2215

CVE.ORG link : CVE-2019-2215

JSON object : View

Products Affected

google

android

CWE

CWE-416

Use After Free

{"id": "CVE-2019-2215", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2019-10-11T19:15:10.947", "references": [{"url": "http://packetstormsecurity.com/files/154911/Android-Binder-Use-After-Free.html", "source": "security@android.com"}, {"url": "http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html", "source": "security@android.com"}, {"url": "http://packetstormsecurity.com/files/156495/Android-Binder-Use-After-Free.html", "source": "security@android.com"}, {"url": "http://seclists.org/fulldisclosure/2019/Oct/38", "source": "security@android.com"}, {"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191030-01-binder-en", "source": "security@android.com"}, {"url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html", "source": "security@android.com"}, {"url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html", "source": "security@android.com"}, {"url": "https://seclists.org/bugtraq/2019/Nov/11", "source": "security@android.com"}, {"url": "https://security.netapp.com/advisory/ntap-20191031-0005/", "source": "security@android.com"}, {"url": "https://source.android.com/security/bulletin/2019-10-01", "tags": ["Vendor Advisory"], "source": "security@android.com"}, {"url": "https://usn.ubuntu.com/4186-1/", "source": "security@android.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-416"}]}], "descriptions": [{"lang": "en", "value": "A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interaction is required to exploit this vulnerability, however exploitation does require either the installation of a malicious local application or a separate vulnerability in a network facing application.Product: AndroidAndroid ID: A-141720095"}, {"lang": "es", "value": "Un uso de la memoria previamente liberada en el archivo binder.c, permite una elevaci\u00f3n de privilegios desde una aplicaci\u00f3n en el kernel de Linux. No es requerida una interacci\u00f3n del usuario para explotar esta vulnerabilidad, sin embargo, la explotaci\u00f3n necesita de la instalaci\u00f3n de una aplicaci\u00f3n local maliciosa o una vulnerabilidad separada en una aplicaci\u00f3n de red. Producto: Android; ID de Android: A-141720095"}], "lastModified": "2019-10-18T19:15:12.163", "cisaActionDue": "2022-05-03", "cisaExploitAdd": "2021-11-03", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"}], "operator": "OR"}]}], "sourceIdentifier": "security@android.com", "cisaRequiredAction": "Apply updates per vendor instructions.", "cisaVulnerabilityName": "Android Kernel Use-After-Free Vulnerability"}