ID |
CVE-2019-2215
|
Summary |
A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interaction is required to exploit this vulnerability, however exploitation does require either the installation of a malicious local application or a separate vulnerability in a network facing application.Product: AndroidAndroid ID: A-141720095 |
References |
|
Vulnerable Configurations |
|
CVSS |
Base: | 4.6 (as of 18-10-2019 - 19:15) |
Impact: | |
Exploitability: | |
|
CWE |
CWE-416 |
CAPEC |
|
Access |
Vector | Complexity | Authentication |
LOCAL |
LOW |
NONE |
|
Impact |
Confidentiality | Integrity | Availability |
PARTIAL |
PARTIAL |
PARTIAL |
|
cvss-vector
via4
|
AV:L/AC:L/Au:N/C:P/I:P/A:P
|
refmap
via4
|
bugtraq | 20191108 [slackware-security] Slackware 14.2 kernel (SSA:2019-311-01) | confirm | | fulldisc | 20191018 CVE 2019-2215 Android Binder Use After Free | misc | | mlist | - [debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update
- [debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update
| ubuntu | USN-4186-1 |
|
Last major update |
18-10-2019 - 19:15 |
Published |
11-10-2019 - 19:15 |
Last modified |
18-10-2019 - 19:15 |