CVE-2019-2215 - A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kerne

CVE-2019-2215

Summary

A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interaction is required to exploit this vulnerability, however exploitation does require either the installation of a malicious local application or a separate vulnerability in a network facing application.Product: AndroidAndroid ID: A-141720095

References

Vulnerable Configurations

cpe:2.3:o:google:android:-:*:*:*:*:*:*:*
cpe:2.3:o:google:android:-:*:*:*:*:*:*:*

CVSS

Base:	4.6 (as of 18-10-2019 - 19:15)
Impact:
Exploitability:

CWE

CWE-416

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:L/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bugtraq	20191108 [slackware-security] Slackware 14.2 kernel (SSA:2019-311-01)
confirm	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191030-01-binder-en https://security.netapp.com/advisory/ntap-20191031-0005/ https://source.android.com/security/bulletin/2019-10-01
fulldisc	20191018 CVE 2019-2215 Android Binder Use After Free
misc	http://packetstormsecurity.com/files/154911/Android-Binder-Use-After-Free.html http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html http://packetstormsecurity.com/files/156495/Android-Binder-Use-After-Free.html
mlist	[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update [debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update
ubuntu	USN-4186-1

Last major update

18-10-2019 - 19:15

Published

11-10-2019 - 19:15

Last modified

18-10-2019 - 19:15