| Revision Date: | 2019-02-28 | Version: | 1 | | Title: | CVE-2019-1999 on Ubuntu 18.10 (cosmic) - medium. | | Description: | In binder_alloc_free_page of binder_alloc.c, there is a possible double free due to improper locking. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-120025196. It was discovered that a race condition existed in the Binder IPC driver for the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
| | Family: | unix | Class: | vulnerability | | Status: | | Reference(s): | CVE-2019-1999
| | Platform(s): | Ubuntu 18.10
| Product(s): | | | Definition Synopsis | | Ubuntu 18.10 (cosmic) is installed. AND Package Information
NOT linux-image-4.18.0-21-generic package in cosmic, while related to the CVE in some way, is not affected (note: 'CONFIG_ANDROID_BINDER_IPC is disabled').
OR NOT linux-image-4.18.0-21-generic-lpae package in cosmic, while related to the CVE in some way, is not affected (note: 'CONFIG_ANDROID_BINDER_IPC is disabled').
OR NOT linux-image-4.18.0-21-lowlatency package in cosmic, while related to the CVE in some way, is not affected (note: 'CONFIG_ANDROID_BINDER_IPC is disabled').
OR NOT linux-image-4.18.0-21-snapdragon package in cosmic, while related to the CVE in some way, is not affected (note: 'CONFIG_ANDROID_BINDER_IPC is disabled').
OR NOT linux-image-unsigned-4.18.0-21-generic package in cosmic, while related to the CVE in some way, is not affected (note: 'CONFIG_ANDROID_BINDER_IPC is disabled').
OR NOT linux-image-unsigned-4.18.0-21-lowlatency package in cosmic, while related to the CVE in some way, is not affected (note: 'CONFIG_ANDROID_BINDER_IPC is disabled').
OR NOT linux-image-4.18.0-1017-aws package in cosmic, while related to the CVE in some way, is not affected (note: 'CONFIG_ANDROID_BINDER_IPC is disabled').
OR NOT linux-image-unsigned-4.18.0-1018-azure package in cosmic, while related to the CVE in some way, is not affected (note: 'CONFIG_ANDROID_BINDER_IPC is disabled').
OR NOT linux-image-unsigned-4.18.0-1012-gcp package in cosmic, while related to the CVE in some way, is not affected (note: 'CONFIG_ANDROID_BINDER_IPC is disabled').
OR NOT linux-image-4.18.0-1013-kvm package in cosmic, while related to the CVE in some way, is not affected (note: 'CONFIG_ANDROID_BINDER_IPC is disabled').
OR NOT linux-image-extra-virtual package in cosmic, while related to the CVE in some way, is not affected (note: 'CONFIG_ANDROID_BINDER_IPC is disabled').
OR NOT linux-image-generic package in cosmic, while related to the CVE in some way, is not affected (note: 'CONFIG_ANDROID_BINDER_IPC is disabled').
OR NOT linux-image-generic-lpae package in cosmic, while related to the CVE in some way, is not affected (note: 'CONFIG_ANDROID_BINDER_IPC is disabled').
OR NOT linux-image-lowlatency package in cosmic, while related to the CVE in some way, is not affected (note: 'CONFIG_ANDROID_BINDER_IPC is disabled').
OR NOT linux-image-snapdragon package in cosmic, while related to the CVE in some way, is not affected (note: 'CONFIG_ANDROID_BINDER_IPC is disabled').
OR NOT linux-image-virtual package in cosmic, while related to the CVE in some way, is not affected (note: 'CONFIG_ANDROID_BINDER_IPC is disabled').
OR NOT linux-image-aws package in cosmic, while related to the CVE in some way, is not affected (note: 'CONFIG_ANDROID_BINDER_IPC is disabled').
OR NOT linux-image-azure package in cosmic, while related to the CVE in some way, is not affected (note: 'CONFIG_ANDROID_BINDER_IPC is disabled').
OR NOT linux-image-gcp package in cosmic, while related to the CVE in some way, is not affected (note: 'CONFIG_ANDROID_BINDER_IPC is disabled').
OR NOT linux-image-gke package in cosmic, while related to the CVE in some way, is not affected (note: 'CONFIG_ANDROID_BINDER_IPC is disabled').
OR NOT linux-image-kvm package in cosmic, while related to the CVE in some way, is not affected (note: 'CONFIG_ANDROID_BINDER_IPC is disabled').
OR NOT linux-image-oem package in cosmic, while related to the CVE in some way, is not affected (note: 'CONFIG_ANDROID_BINDER_IPC is disabled').
OR NOT linux-image-raspi2 package in cosmic, while related to the CVE in some way, is not affected (note: 'CONFIG_ANDROID_BINDER_IPC is disabled').
OR NOT linux-image-unsigned-4.15.0-1038-oem package in cosmic, while related to the CVE in some way, is not affected (note: 'CONFIG_ANDROID_BINDER_IPC is disabled').
OR NOT linux-image-unsigned-4.15.0-1013-oracle package in cosmic, while related to the CVE in some way, is not affected (note: 'CONFIG_ANDROID_BINDER_IPC is disabled').
OR NOT linux-image-4.18.0-1015-raspi2 package in cosmic, while related to the CVE in some way, is not affected (note: 'CONFIG_ANDROID_BINDER_IPC is disabled').
OR NOT linux-image-4.18.0-21-generic package in cosmic, while related to the CVE in some way, is not affected (note: 'CONFIG_ANDROID_BINDER_IPC is disabled').
OR NOT linux-image-4.18.0-21-lowlatency package in cosmic, while related to the CVE in some way, is not affected (note: 'CONFIG_ANDROID_BINDER_IPC is disabled').
OR NOT linux-image-4.18.0-1019-azure package in cosmic, while related to the CVE in some way, is not affected (note: 'CONFIG_ANDROID_BINDER_IPC is disabled').
OR NOT linux-image-4.18.0-1012-gcp package in cosmic, while related to the CVE in some way, is not affected (note: 'CONFIG_ANDROID_BINDER_IPC is disabled').
OR NOT linux-image-4.15.0-1039-oem package in cosmic, while related to the CVE in some way, is not affected (note: 'CONFIG_ANDROID_BINDER_IPC is disabled').
|
|