← Volver a CVEs
CVE-2019-2215
HIGHCISA KEV7.8
Descripcion
A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interaction is required to exploit this vulnerability, however exploitation does require either the installation of a malicious local application or a separate vulnerability in a network facing application.Product: AndroidAndroid ID: A-141720095
Detalles CVE
Puntuacion CVSS v3.17.8
SeveridadHIGH
Vector CVSSCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vector de ataqueLOCAL
ComplejidadLOW
Privilegios requeridosLOW
Interaccion usuarioNONE
Publicado10/11/2019
Ultima modificacion10/24/2025
Fuentekev
Avistamientos honeypot0
CISA KEV
VendedorAndroid
ProductoAndroid Kernel
Nombre vulnerabilidadAndroid Kernel Use-After-Free Vulnerability
Fecha inclusion KEV2021-11-03
Fecha limite remediacion2022-05-03
Uso en ransomwareUnknown
Productos afectados
canonical:ubuntu_linuxdebian:debian_linuxgoogle:androidhuawei:alp-al00bhuawei:alp-al00b_firmwarehuawei:alp-tl00bhuawei:alp-tl00b_firmwarehuawei:anne-al00huawei:anne-al00_firmwarehuawei:ares-al00bhuawei:ares-al00b_firmwarehuawei:ares-al10dhuawei:ares-al10d_firmwarehuawei:ares-tl00chwhuawei:ares-tl00chw_firmwarehuawei:barca-al00huawei:barca-al00_firmwarehuawei:berkeley-l09huawei:berkeley-l09_firmwarehuawei:berkeley-tl10huawei:berkeley-tl10_firmwarehuawei:bla-al00bhuawei:bla-al00b_firmwarehuawei:bla-l29chuawei:bla-l29c_firmwarehuawei:bla-tl00bhuawei:bla-tl00b_firmwarehuawei:columbia-al00ahuawei:columbia-al00a_firmwarehuawei:columbia-l29dhuawei:columbia-l29d_firmwarehuawei:cornell-tl10bhuawei:cornell-tl10b_firmwarehuawei:duke-l09ihuawei:duke-l09i_firmwarehuawei:dura-al00ahuawei:dura-al00a_firmwarehuawei:figo-al00ahuawei:figo-al00a_firmwarehuawei:florida-al20bhuawei:florida-al20b_firmwarehuawei:florida-l03huawei:florida-l03_firmwarehuawei:florida-l21huawei:florida-l21_firmwarehuawei:florida-l22huawei:florida-l22_firmwarehuawei:florida-tl10bhuawei:florida-tl10b_firmwarehuawei:honor_9ihuawei:honor_9i_firmwarehuawei:honor_view_20huawei:honor_view_20_firmwarehuawei:jakarta-al00ahuawei:jakarta-al00a_firmwarehuawei:johnson-tl00dhuawei:johnson-tl00d_firmwarehuawei:leland-al10bhuawei:leland-al10b_firmwarehuawei:leland-l21ahuawei:leland-l21a_firmwarehuawei:leland-l32ahuawei:leland-l32a_firmwarehuawei:leland-tl10bhuawei:leland-tl10b_firmwarehuawei:leland-tl10chuawei:leland-tl10c_firmwarehuawei:lelandp-al00chuawei:lelandp-al00c_firmwarehuawei:lelandp-l22chuawei:lelandp-l22c_firmwarehuawei:mate_rshuawei:mate_rs_firmwarehuawei:neo-al00dhuawei:neo-al00d_firmwarehuawei:nova_2shuawei:nova_2s_firmwarehuawei:nova_3huawei:nova_3_firmwarehuawei:nova_3ehuawei:nova_3e_firmwarehuawei:p20huawei:p20_firmwarehuawei:p20_litehuawei:p20_lite_firmwarehuawei:princeton-al10bhuawei:princeton-al10b_firmwarehuawei:rhone-al00huawei:rhone-al00_firmwarehuawei:stanford-l09huawei:stanford-l09_firmwarehuawei:stanford-l09shuawei:stanford-l09s_firmwarehuawei:sydney-al00huawei:sydney-al00_firmwarehuawei:sydney-tl00huawei:sydney-tl00_firmwarehuawei:sydneym-al00huawei:sydneym-al00_firmwarehuawei:tony-al00bhuawei:tony-al00b_firmwarehuawei:tony-tl00bhuawei:tony-tl00b_firmwarehuawei:y9_2019huawei:y9_2019_firmwarehuawei:yale-al00ahuawei:yale-al00a_firmwarehuawei:yale-l21ahuawei:yale-l21a_firmwarehuawei:yale-tl00bhuawei:yale-tl00b_firmwarenetapp:a220netapp:a220_firmwarenetapp:a320netapp:a320_firmwarenetapp:a800netapp:a800_firmwarenetapp:aff_baseboard_management_controllernetapp:aff_baseboard_management_controller_firmwarenetapp:c190netapp:c190_firmwarenetapp:cloud_backupnetapp:data_availability_servicesnetapp:fas2720netapp:fas2720_firmwarenetapp:fas2750netapp:fas2750_firmwarenetapp:h300snetapp:h300s_firmwarenetapp:h410cnetapp:h410c_firmwarenetapp:h410snetapp:h410s_firmwarenetapp:h500snetapp:h500s_firmwarenetapp:h610snetapp:h610s_firmwarenetapp:h700snetapp:h700s_firmwarenetapp:hci_management_nodenetapp:service_processornetapp:solidfirenetapp:solidfire_baseboard_management_controllernetapp:solidfire_baseboard_management_controller_firmwarenetapp:steelstore_cloud_integrated_storage
Debilidades (CWE)
CWE-416CWE-416
Referencias
http://packetstormsecurity.com/files/154911/Android-Binder-Use-After-Free.html(security@android.com)
http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html(security@android.com)
http://packetstormsecurity.com/files/156495/Android-Binder-Use-After-Free.html(security@android.com)
http://seclists.org/fulldisclosure/2019/Oct/38(security@android.com)
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191030-01-binder-en(security@android.com)
https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html(security@android.com)
https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html(security@android.com)
https://seclists.org/bugtraq/2019/Nov/11(security@android.com)
https://security.netapp.com/advisory/ntap-20191031-0005/(security@android.com)
https://source.android.com/security/bulletin/2019-10-01(security@android.com)
https://usn.ubuntu.com/4186-1/(security@android.com)
http://packetstormsecurity.com/files/154911/Android-Binder-Use-After-Free.html(af854a3a-2127-422b-91ae-364da2661108)
http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html(af854a3a-2127-422b-91ae-364da2661108)
http://packetstormsecurity.com/files/156495/Android-Binder-Use-After-Free.html(af854a3a-2127-422b-91ae-364da2661108)
http://seclists.org/fulldisclosure/2019/Oct/38(af854a3a-2127-422b-91ae-364da2661108)
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191030-01-binder-en(af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html(af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html(af854a3a-2127-422b-91ae-364da2661108)
https://seclists.org/bugtraq/2019/Nov/11(af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20191031-0005/(af854a3a-2127-422b-91ae-364da2661108)
https://source.android.com/security/bulletin/2019-10-01(af854a3a-2127-422b-91ae-364da2661108)
https://usn.ubuntu.com/4186-1/(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-2215(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.