← Back

CVE-2019-1999

nvd nist
Published: Feb 28, 2019Modified: Nov 21, 2024

JSON object

Loading...
7.8
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 / Impact: 5.9
Source: NVD

Description

In binder_alloc_free_page of binder_alloc.c, there is a possible double free due to improper locking. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-120025196.

Affected (4)

Google
1 product
Android
Debian
1 product
Debian Linux
Canonical
1 product
Ubuntu Linux
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Android
All versions
Configuration B
2 vulnerable
Vulnerable SoftwareAffected Versions
Debian
Debian Linux
Version 10.0
Debian Linux
Version 9.0
Configuration C
1 vulnerable
Vulnerable SoftwareAffected Versions
Ubuntu Linux
Version 19.04

Related CWEs

CWE-415
Double Free
The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

References (12)

Source: security@android.com
Broken Link
Source: security@android.com
Mailing ListThird Party Advisory
Source: security@android.com
Vendor Advisory
Source: security@android.com
Third Party Advisory
Source: security@android.com
Third Party Advisory
Source: security@android.com
ExploitThird Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party AdvisoryVDB Entry

Timeline

No history available yet.