First published: Tue Sep 03 2019
In binder_transaction of binder.c in the Android kernel, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
Credit: security@android.com
Affected Software | Affected Version | How to fix |
---|---|---|
Google Android | ||
ubuntu/linux | <5.0.0-32.34 | 5.0.0-32.34 |
ubuntu/linux | <5.2~ | 5.2~ |
ubuntu/linux-aws | <5.0.0-1019.21 | 5.0.0-1019.21 |
ubuntu/linux-aws | <5.2~ | 5.2~ |
ubuntu/linux-aws-5.0 | <5.2~ | 5.2~ |
ubuntu/linux-aws-hwe | <5.2~ | 5.2~ |
ubuntu/linux-azure | <5.0.0-1023.24~18.04.1 | 5.0.0-1023.24~18.04.1 |
ubuntu/linux-azure | <5.0.0-1023.24 | 5.0.0-1023.24 |
ubuntu/linux-azure | <5.2~ | 5.2~ |
ubuntu/linux-azure-5.3 | <5.2~ | 5.2~ |
ubuntu/linux-azure-edge | <5.0.0-1023.24~18.04.1 | 5.0.0-1023.24~18.04.1 |
ubuntu/linux-azure-edge | <5.2~ | 5.2~ |
ubuntu/linux-gcp | <5.0.0-1021.21~18.04.1 | 5.0.0-1021.21~18.04.1 |
ubuntu/linux-gcp | <5.0.0-1021.21 | 5.0.0-1021.21 |
ubuntu/linux-gcp | <5.2~ | 5.2~ |
ubuntu/linux-gcp-5.3 | <5.2~ | 5.2~ |
ubuntu/linux-gcp-edge | <5.0.0-1021.21~18.04.1 | 5.0.0-1021.21~18.04.1 |
ubuntu/linux-gcp-edge | <5.2~ | 5.2~ |
ubuntu/linux-gke-4.15 | <5.2~ | 5.2~ |
ubuntu/linux-gke-5.0 | <5.0.0-1023.23~18.04.2 | 5.0.0-1023.23~18.04.2 |
ubuntu/linux-gke-5.0 | <5.2~ | 5.2~ |
ubuntu/linux-gke-5.3 | <5.2~ | 5.2~ |
ubuntu/linux-hwe | <5.0.0-32.34~18.04.2 | 5.0.0-32.34~18.04.2 |
ubuntu/linux-hwe | <5.2~ | 5.2~ |
ubuntu/linux-hwe-edge | <5.2~ | 5.2~ |
ubuntu/linux-kvm | <5.0.0-1020.21 | 5.0.0-1020.21 |
ubuntu/linux-kvm | <5.2~ | 5.2~ |
ubuntu/linux-lts-trusty | <5.2~ | 5.2~ |
ubuntu/linux-lts-xenial | <5.2~ | 5.2~ |
ubuntu/linux-oem | <5.2~ | 5.2~ |
ubuntu/linux-oem-5.6 | <5.2~ | 5.2~ |
ubuntu/linux-oem-osp1 | <5.0.0-1025.28 | 5.0.0-1025.28 |
ubuntu/linux-oem-osp1 | <5.2~ | 5.2~ |
ubuntu/linux-oracle | <5.2~ | 5.2~ |
ubuntu/linux-oracle-5.0 | <5.2~ | 5.2~ |
ubuntu/linux-oracle-5.3 | <5.2~ | 5.2~ |
ubuntu/linux-raspi2 | <5.0.0-1020.20 | 5.0.0-1020.20 |
ubuntu/linux-raspi2 | <5.2~ | 5.2~ |
ubuntu/linux-raspi2-5.3 | <5.2~ | 5.2~ |
ubuntu/linux-snapdragon | <5.0.0-1024.25 | 5.0.0-1024.25 |
ubuntu/linux-snapdragon | <5.2~ | 5.2~ |
debian/linux | 4.19.249-2 4.19.304-1 5.10.209-2 5.10.216-1 6.1.76-1 6.1.90-1 6.7.12-1 6.8.9-1 |
The vulnerability ID is CVE-2019-2181.
The severity of CVE-2019-2181 is high with a severity value of 7.
CVE-2019-2181 affects Android and could lead to local escalation of privilege.
Yes, user interaction is needed for exploitation of CVE-2019-2181.
To fix CVE-2019-2181, it is recommended to update to the latest version of the affected software.