| Vulnerability Name: | CVE-2019-1999 (CCN-156830) | ||||||||||||||||||||||||||||||||||||
| Assigned: | 2018-11-23 | ||||||||||||||||||||||||||||||||||||
| Published: | 2018-11-23 | ||||||||||||||||||||||||||||||||||||
| Updated: | 2022-04-22 | ||||||||||||||||||||||||||||||||||||
| Summary: | In binder_alloc_free_page of binder_alloc.c, there is a possible double free due to improper locking. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-120025196. | ||||||||||||||||||||||||||||||||||||
| CVSS v3 Severity: | 7.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) 7.0 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C)
7.0 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C)
| ||||||||||||||||||||||||||||||||||||
| CVSS v2 Severity: | 7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
| ||||||||||||||||||||||||||||||||||||
| Vulnerability Type: | CWE-415 | ||||||||||||||||||||||||||||||||||||
| Vulnerability Consequences: | Gain Privileges | ||||||||||||||||||||||||||||||||||||
| References: | Source: CCN Type: Google Web site Android Source: MITRE Type: CNA CVE-2019-1999 Source: BID Type: Broken Link 106851 Source: CCN Type: Google Security Research Issue 1721 Issue 1721: Android: binder use-after-free of VMA via race between reclaim and munmap Source: XF Type: UNKNOWN android-cve20191999-priv-esc(156830) Source: CCN Type: Packet Storm Security [02-12-2019] Android Binder VMA Use-After-Free Source: BUGTRAQ Type: Mailing List, Third Party Advisory 20190812 [SECURITY] [DSA 4495-1] linux security update Source: CONFIRM Type: Vendor Advisory https://source.android.com/security/bulletin/2019-02-01 Source: CCN Type: Android Open Source Project Android Security Bulletin February 2019 Source: UBUNTU Type: Third Party Advisory USN-3979-1 Source: DEBIAN Type: Third Party Advisory DSA-4495 Source: EXPLOIT-DB Type: EXPLOIT Offensive Security Exploit Database [02-12-2019] Source: EXPLOIT-DB Type: Exploit, Third Party Advisory, VDB Entry 46357 Source: CCN Type: IBM Security Bulletin 6214488 (Vyatta 5600) Vyatta 5600 vRouter Software Patches - Release 1801-ze Source: CCN Type: WhiteSource Vulnerability Database CVE-2019-1999 | ||||||||||||||||||||||||||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration 2: Configuration 3: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||||||||||||||||||||||||||
| Oval Definitions | |||||||||||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||||||||||
| BACK | |||||||||||||||||||||||||||||||||||||