Lucene search

Google_androidCVE-2019-1999

HistoryFeb 28, 2019 - 5:29 p.m.

CVE-2019-1999

2019-02-2817:29:00

CWE-415

google_android

web.nvd.nist.gov

cve-2019-1999

binder_alloc_free_page

android

privilege escalation

kernel security

nvd

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.5

Confidence

High

EPSS

0.001

Percentile

43.5%

JSON

In binder_alloc_free_page of binder_alloc.c, there is a possible double free due to improper locking. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-120025196.

Affected configurations

Nvd

Node

googleandroidMatch-

Node

debiandebian_linuxMatch9.0

debiandebian_linuxMatch10.0

Node

canonicalubuntu_linuxMatch19.04

VendorProductVersionCPE
googleandroid-cpe:2.3:o:google:android:-:*:*:*:*:*:*:*
debiandebian_linux9.0cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
debiandebian_linux10.0cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
canonicalubuntu_linux19.04cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
google	android	-	cpe:2.3:o:google:android:-:::::::*
debian	debian_linux	9.0	cpe:2.3:o:debian:debian_linux:9.0:::::::*
debian	debian_linux	10.0	cpe:2.3:o:debian:debian_linux:10.0:::::::*
canonical	ubuntu_linux	19.04	cpe:2.3:o:canonical:ubuntu_linux:19.04:::::::*

CNA Affected

[
  {
    "product": "Android",
    "vendor": "Android",
    "versions": [
      {
        "status": "affected",
        "version": "Android kernel"
      }
    ]
  }
]