Vulnerability Description
In binder_alloc_free_page of binder_alloc.c, there is a possible double free due to improper locking. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-120025196.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Android | - | |
| Debian | Debian Linux | 9.0 |
| Canonical | Ubuntu Linux | 19.04 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/106851Broken Link
- https://seclists.org/bugtraq/2019/Aug/13Mailing ListThird Party Advisory
- https://source.android.com/security/bulletin/2019-02-01Vendor Advisory
- https://usn.ubuntu.com/3979-1/Third Party Advisory
- https://www.debian.org/security/2019/dsa-4495Third Party Advisory
- https://www.exploit-db.com/exploits/46357/ExploitThird Party AdvisoryVDB Entry
- http://www.securityfocus.com/bid/106851Broken Link
- https://seclists.org/bugtraq/2019/Aug/13Mailing ListThird Party Advisory
- https://source.android.com/security/bulletin/2019-02-01Vendor Advisory
- https://usn.ubuntu.com/3979-1/Third Party Advisory
- https://www.debian.org/security/2019/dsa-4495Third Party Advisory
- https://www.exploit-db.com/exploits/46357/ExploitThird Party AdvisoryVDB Entry
FAQ
What is CVE-2019-1999?
CVE-2019-1999 is a vulnerability with a CVSS score of 7.8 (HIGH). In binder_alloc_free_page of binder_alloc.c, there is a possible double free due to improper locking. This could lead to local escalation of privilege in the kernel with no additional execution privil...
How severe is CVE-2019-1999?
CVE-2019-1999 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-1999?
Check the references section above for vendor advisories and patch information. Affected products include: Google Android, Debian Debian Linux, Canonical Ubuntu Linux.