Vulnerability Description
A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interaction is required to exploit this vulnerability; however, exploitation does require either the installation of a malicious local application or a separate vulnerability in a network-facing application. Product: Android. Android ID: A-141720095
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Android | - | |
| Debian | Debian Linux | 8.0 |
| Canonical | Ubuntu Linux | 16.04 |
| Netapp | Cloud Backup | - |
| Netapp | Data Availability Services | - |
| Netapp | Hci Management Node | - |
| Netapp | Service Processor | - |
| Netapp | Solidfire | - |
| Netapp | Steelstore Cloud Integrated Storage | - |
| Netapp | Solidfire Baseboard Management Controller Firmware | - |
| Netapp | Solidfire Baseboard Management Controller | - |
| Netapp | Aff Baseboard Management Controller Firmware | - |
| Netapp | Aff Baseboard Management Controller | a700s |
| Netapp | A320 Firmware | - |
| Netapp | A320 | - |
| Netapp | C190 Firmware | - |
| Netapp | C190 | - |
| Netapp | A220 Firmware | - |
| Netapp | A220 | - |
| Netapp | Fas2720 Firmware | - |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/154911/Android-Binder-Use-After-Free.html (Exploit, Third Party Advisory, VDB Entry)
- http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackwar (Patch, Third Party Advisory, VDB Entry)
- http://packetstormsecurity.com/files/156495/Android-Binder-Use-After-Free.html (Exploit, Third Party Advisory, VDB Entry)
- http://seclists.org/fulldisclosure/2019/Oct/38 (Mailing List, Third Party Advisory)
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191030-01-binder- (Third Party Advisory)
- https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html (Mailing List, Third Party Advisory)
- https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html (Mailing List, Third Party Advisory)
- https://seclists.org/bugtraq/2019/Nov/11 (Mailing List, Patch, Third Party Advisory)
- https://security.netapp.com/advisory/ntap-20191031-0005/ (Third Party Advisory)
- https://source.android.com/security/bulletin/2019-10-01 (Vendor Advisory)
- https://usn.ubuntu.com/4186-1/ (Third Party Advisory)
FAQ
What is CVE-2019-2215?
CVE-2019-2215 is a vulnerability with a CVSS score of 7.8 (HIGH). A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interaction is required to exploit this vulnerability, however exploitation does require ...
How severe is CVE-2019-2215?
CVE-2019-2215 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2019-2215?
Check the references section above for vendor advisories and patch information. Affected products include: Google Android, Debian Debian Linux, Canonical Ubuntu Linux, Netapp Cloud Backup, Netapp Data Availability Services.