CVE-2019-2215: Android Kernel Use-After-Free Vulnerability
First published: Mon Oct 07 2019(Updated: )
A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interaction is required to exploit this vulnerability, however exploitation does require either the installation of a malicious local application or a separate vulnerability in a network facing application.Product: AndroidAndroid ID: A-141720095
Credit: security@android.com security@android.com security@android.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Google Android Kernel | ||
| debian/linux | 5.10.223-1 5.10.226-1 6.1.123-1 6.1.128-1 6.12.12-1 6.12.15-1 | |
| Android | ||
| Android | ||
| Debian GNU/Linux | =8.0 | |
| Ubuntu Linux | =16.04 | |
| netapp cloud backup | ||
| netapp data availability services | ||
| netapp hci management node | ||
| NetApp Service Processor | ||
| netapp solidfire | ||
| NetApp SteelStore | ||
| All of | ||
| netapp solidfire baseboard management controller firmware | ||
| netapp solidfire baseboard management controller | ||
| All of | ||
| NetApp Baseboard Management Controller Firmware | ||
| NetApp FAS/AFF Baseboard Management Controller | =a700s | |
| All of | ||
| NetApp AFF A320 Firmware | ||
| NetApp AFF A320 | ||
| All of | ||
| NetApp AFF C190 Firmware | ||
| NetApp AFF C190 | ||
| All of | ||
| NetApp AFF A220 Firmware | ||
| NetApp AFF A220 | ||
| All of | ||
| NetApp FAS2700 Firmware | ||
| netapp fas2720 | ||
| All of | ||
| NetApp FAS2700 Firmware | ||
| netapp fas2750 | ||
| All of | ||
| NetApp AFF A800 Firmware | ||
| NetApp AFF A800 | ||
| All of | ||
| netapp h300s firmware | ||
| netapp h300s | ||
| All of | ||
| NetApp H500S Firmware | ||
| netapp h500s | ||
| All of | ||
| netapp h700s firmware | ||
| netapp h700s | ||
| All of | ||
| netapp h410s firmware | ||
| netapp h410s | ||
| All of | ||
| netapp h410c firmware | ||
| netapp h410c | ||
| All of | ||
| netapp h610s firmware | ||
| netapp h610s | ||
| All of | ||
| Huawei ALP-AL00B-RSC Firmware | <10.0.0.162\(c00e156r2p4\) | |
| Huawei ALP-AL00B-RSC Firmware | ||
| All of | ||
| Huawei ALP-TL00B | <10.0.0.162\(c01e156r1p4\) | |
| Huawei ALP-TL00B firmware | ||
| All of | ||
| huawei anne-al00 firmware | <9.1.0.126\(c00e126r1p7t8\) | |
| huawei anne-al00 | ||
| All of | ||
| Huawei Ares-AL00B Firmware | <9.1.0.165\(c00e165r2p5t8\) | |
| Huawei Ares-AL00B Firmware | ||
| All of | ||
| huawei ares-al10d | <9.1.0.165\(c00e165r2p5t8\) | |
| Huawei Ares-AL10D Firmware | ||
| All of | ||
| huawei ares-tl00chw firmware | <8.2.0.163\(c01r2p1\) | |
| huawei ares-tl00chw | ||
| All of | ||
| Huawei BLA-AL00B Firmware | <10.0.0.170\(c786e170r2p4\) | |
| Huawei BLA-AL00B Firmware | ||
| All of | ||
| Huawei BLA-L29C Firmware | <9.1.0.300\(c432e4r1p11t8\) | |
| Huawei BLA-L29 | ||
| All of | ||
| Huawei BLA-TL00B | <10.0.0.170\(c01e170r1p4\) | |
| Huawei BLA-TL00B Firmware | ||
| All of | ||
| Huawei BARCA-AL00 | <8.0.0.377\(c00\) | |
| Huawei BARCA-AL00 Firmware | ||
| All of | ||
| Huawei Berkeley-L09 | <9.1.0.351\(c432e5r1p13t8\) | |
| Huawei Berkeley-L09 Firmware | ||
| All of | ||
| Huawei Berkeley-TL10 | <9.1.0.333\(c01e333r1p1t8\) | |
| Huawei Berkeley-TL10 Firmware | ||
| All of | ||
| huawei columbia-al00a firmware | <8.1.0.186\(c00gt\) | |
| huawei columbia-al00a | ||
| All of | ||
| Huawei LON-L29D | <9.1.0.325\(c432e4r1p12t8\) | |
| Huawei Columbia-L29D Firmware | ||
| All of | ||
| Huawei Cornell-TL10B | <9.1.0.321\(c01e320r1p1t8\) | |
| Huawei Cornell-TL10B Firmware | ||
| All of | ||
| huawei duke-l09i firmware | <9.0.1.171\(c675e6r1p5t8\) | |
| huawei duke-l09i | ||
| All of | ||
| Huawei Dubai-AL00A | <1.0.0.190\(c00\) | |
| Huawei Dubai-AL00A | ||
| All of | ||
| huawei figo-al00a firmware | <9.1.0.130\(c00e115r2p8t8\) | |
| huawei figo-al00a | ||
| All of | ||
| Huawei Florida-AL20B Firmware | <9.1.0.128\(c00e112r1p6t8\) | |
| Huawei Florida-AL20B Firmware | ||
| All of | ||
| huawei florida-l03 firmware | <9.1.0.154\(c605e7r1p2t8\) | |
| huawei florida-l03 | ||
| All of | ||
| Huawei Florida-L21 | <9.1.0.154\(c605e7r1p2t8\) | |
| Huawei Florida-L21 Firmware | ||
| All of | ||
| Huawei Florida-L22 Firmware | <9.1.0.150\(c636e6r1p5t8\) | |
| Huawei Florida-L22 Firmware | ||
| All of | ||
| Huawei Florida-TL10B Firmware | <9.1.0.128\(c01e112r1p6t8\) | |
| Huawei Florida-TL10B Firmware | ||
| All of | ||
| huawei mate rs firmware | =9.1.0.321\(c786e320r1p1t8\) | |
| Huawei Mate RS | ||
| All of | ||
| Huawei P20 Firmware | <9.1.0.312\(c00e312r1p1t8\) | |
| HUAWEI P20 | ||
| All of | ||
| huawei p20 lite firmware | <9.1.0.200\(c605e4r1p3t8\) | |
| huawei p20 lite | ||
| All of | ||
| huawei p20 lite firmware | <9.1.0.200\(c635e5r1p1t8\) | |
| huawei p20 lite | ||
| All of | ||
| huawei p20 lite firmware | <9.1.0.246\(c432e6r1p7t8\) | |
| huawei p20 lite | ||
| All of | ||
| Huawei Y9 2019 Firmware | <9.1.0.297\(c605e4r1p1t8\) | |
| Huawei Y9 2019 Firmware | ||
| All of | ||
| huawei nova 2s firmware | <9.1.0.210\(c01e110r1p9t8\) | |
| huawei nova 2s | ||
| All of | ||
| Huawei Nova 3 Firmware | <9.1.0.351\(c00e351r1p1t8\) | |
| Huawei Nova 3 Firmware | ||
| All of | ||
| huawei nova 3e firmware | <9.1.0.200\(c636e4r1p5t8\) | |
| huawei nova 3e | ||
| All of | ||
| huawei p20 lite firmware | <9.1.0.200\(c636e4r1p5t8\) | |
| huawei p20 lite | ||
| All of | ||
| huawei p20 lite firmware | <9.1.0.201\(c636e4r1p5t8\) | |
| huawei p20 lite | ||
| All of | ||
| huawei nova 3e firmware | <9.1.0.201\(c636e4r1p5t8\) | |
| huawei nova 3e | ||
| All of | ||
| huawei nova 3e firmware | <9.1.0.201\(zafc185e4r1p8t8\) | |
| huawei nova 3e | ||
| All of | ||
| huawei p20 lite firmware | <9.1.0.201\(zafc185e4r1p8t8\) | |
| huawei p20 lite | ||
| All of | ||
| HUAWEI Honor V20 firmware | <10.1.0.214\(c10e5r4p3\) | |
| Huawei Honor View 20 Firmware | ||
| All of | ||
| Huawei Jakarta-AL00a | <9.1.0.260\(c00e120r2p2\) | |
| Huawei Jakarta-AL00a Firmware | ||
| All of | ||
| Huawei Johnson-TL00D | <9.1.0.219\(c01e18r3p2t8\) | |
| Huawei Johnson-TL00D Firmware | ||
| All of | ||
| huawei leland-al10b firmware | <9.1.0.130\(c00e112r2p10t8\) | |
| huawei leland-al10b | ||
| All of | ||
| Huawei Leland L21A | <9.1.0.156\(c185e5r1p5t8\) | |
| Huawei Leland-L21A Firmware | ||
| All of | ||
| Huawei Leland-L32A | <9.1.0.153\(c675e6r1p4t8\) | |
| Huawei Leland-L32A Firmware | ||
| All of | ||
| Huawei Leland-tl10b | <9.1.0.130\(c01e112r2p10t8\) | |
| Huawei Leland-TL10B Firmware | ||
| All of | ||
| Huawei Leland TL10C | <9.1.0.130\(c01e112r2p10t8\) | |
| Huawei Leland-TL10C Firmware | ||
| All of | ||
| Huawei Lelandp-al00c Firmware | <9.1.0.130\(c00e112r2p10t8\) | |
| Huawei Lelandp-al00c Firmware | ||
| All of | ||
| Huawei Leland P-L22C | <9.1.0.156\(c636e5r1p5t8\) | |
| Huawei LelandP-L22C Firmware | ||
| All of | ||
| Huawei Neo-AL00D Firmware | <9.1.0.321\(c786e320r1p1t8\) | |
| Huawei Neo-AL00D Firmware | ||
| All of | ||
| Huawei Princeton-AL10B | <10.1.0.160\(c00e160r2p11\) | |
| Huawei Princeton-AL10B Firmware | ||
| All of | ||
| Huawei Rhone-AL00 | <8.0.0.376\(c00\) | |
| Huawei Rhone-AL00 firmware | ||
| All of | ||
| huawei stanford-l09 firmware | <9.1.0.211\(c635e2r1p4t8\) | |
| huawei stanford-l09 | ||
| All of | ||
| Huawei Stanford-L09S | <9.1.0.210\(c432e2r1p5t8\) | |
| Huawei Stanford-L09S firmware | ||
| All of | ||
| Huawei Sydney-AL00 | <9.1.0.212\(c00e62r1p7t8\) | |
| Huawei Sydney-AL00 Firmware | ||
| All of | ||
| Huawei Sydney-TL00 | <9.1.0.212\(c01e62r1p7t8\) | |
| Huawei Sydney-TL00 Firmware | ||
| All of | ||
| Huawei SydneyM-AL00 Firmware | <9.1.0.212\(c00e62r1p7t8\) | |
| Huawei SydneyM-AL00 Firmware | ||
| All of | ||
| Huawei Tony-AL00b | <10.0.0.175\(c00e59r2p11\) | |
| Huawei Tony-AL00B Firmware | ||
| All of | ||
| Huawei Tony-AL00B Firmware | <10.0.0.175\(c01e59r2p11\) | |
| Huawei Tony-TL00B Firmware | ||
| All of | ||
| Huawei Yale-AL00A | <10.1.0.160\(c00e160r8p12\) | |
| Huawei Yale-AL00A | ||
| All of | ||
| Huawei Yale-l21a | <10.1.0.231\(c10e3r3p2\) | |
| Huawei Y6 | ||
| All of | ||
| Huawei Yale-TL00B | <10.1.0.160\(c01e160r8p12\) | |
| Huawei Yale-TL00B Firmware | ||
| All of | ||
| Huawei Honor 9i Firmware | <9.1.0.130\(c00e112r2p10t8\) | |
| Huawei Honor 9i | ||
| Debian | =8.0 | |
| Ubuntu | =16.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://source.android.com/security/bulletin/2019-10-01
- http://seclists.org/fulldisclosure/2019/Oct/38
- http://packetstormsecurity.com/files/154911/Android-Binder-Use-After-Free.html
- https://security.netapp.com/advisory/ntap-20191031-0005/
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191030-01-binder-en
- https://seclists.org/bugtraq/2019/Nov/11
- http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
- https://usn.ubuntu.com/4186-1/
- https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html
- http://packetstormsecurity.com/files/156495/Android-Binder-Use-After-Free.html
- https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html
- https://launchpad.net/bugs/cve/CVE-2019-2215
- https://source.android.com/docs/security/bulletin/2019-10-01 (Advisory)
- https://nvd.nist.gov/vuln/detail/CVE-2019-2215
- https://git.kernel.org/linus/f5cb779ba16334b45ba8946d6bfa6d9834d1527f
- https://security-tracker.debian.org/tracker/CVE-2019-2215
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2215
- https://ubuntu.com/security/CVE-2019-2215
Frequently Asked Questions
What is CVE-2019-2215?
CVE-2019-2215 is a use-after-free vulnerability in the Android Kernel.
How does CVE-2019-2215 affect Android Kernel?
CVE-2019-2215 allows an elevation of privilege from an application to the Linux Kernel.
What is the severity of CVE-2019-2215?
CVE-2019-2215 has a severity rating of high.
How can CVE-2019-2215 be exploited?
Exploiting CVE-2019-2215 requires either the installation of a malicious local application or a separate vulnerability in a network fa…
Are there any references for CVE-2019-2215?
References for CVE-2019-2215 can be found at the following links: [Link 1](https://source.android.com/security/bulletin/2019-10-01), [Link 2](http://seclists.org/fulldisclosure/2019/Oct/38), [Link 3](http://packetstormsecurity.com/files/154911/Android-Binder-Use-After-Free.html).
- agent/type
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- agent/title
- agent/severity
- agent/weakness
- agent/author
- agent/references
- agent/remedy
- agent/trending
- agent/source
- exploited/true
- collector/cisa-known-exploited
- source/CISA
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/usn-cve
- source/Ubuntu
- collector/security-tracker-debian
- source/Debian
- agent/description
- agent/event
- collector/android-source
- source/Android
- collector/nvd-cve
- source/NVD
- collector/nvd-index
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- vendor/android
- canonical/google android kernel
- package-manager/debian
- vendor/google
- canonical/android
- vendor/debian
- canonical/debian gnu/linux
- version/debian gnu/linux/8.0
- vendor/canonical
- canonical/ubuntu linux
- version/ubuntu linux/16.04
- vendor/netapp
- canonical/netapp cloud backup
- canonical/netapp data availability services
- canonical/netapp hci management node
- canonical/netapp service processor
- canonical/netapp solidfire
- canonical/netapp steelstore
- canonical/netapp solidfire baseboard management controller firmware
- canonical/netapp solidfire baseboard management controller
- canonical/netapp baseboard management controller firmware
- canonical/netapp fas/aff baseboard management controller
- version/netapp fas/aff baseboard management controller/a700s
- canonical/netapp aff a320 firmware
- canonical/netapp aff a320
- canonical/netapp aff c190 firmware
- canonical/netapp aff c190
- canonical/netapp aff a220 firmware
- canonical/netapp aff a220
- canonical/netapp fas2700 firmware
- canonical/netapp fas2720
- canonical/netapp fas2750
- canonical/netapp aff a800 firmware
- canonical/netapp aff a800
- canonical/netapp h300s firmware
- canonical/netapp h300s
- canonical/netapp h500s firmware
- canonical/netapp h500s
- canonical/netapp h700s firmware
- canonical/netapp h700s
- canonical/netapp h410s firmware
- canonical/netapp h410s
- canonical/netapp h410c firmware
- canonical/netapp h410c
- canonical/netapp h610s firmware
- canonical/netapp h610s
- vendor/huawei
- canonical/huawei alp-al00b-rsc firmware
- canonical/huawei alp-tl00b
- canonical/huawei alp-tl00b firmware
- canonical/huawei anne-al00 firmware
- canonical/huawei anne-al00
- canonical/huawei ares-al00b firmware
- canonical/huawei ares-al10d
- canonical/huawei ares-al10d firmware
- canonical/huawei ares-tl00chw firmware
- canonical/huawei ares-tl00chw
- canonical/huawei bla-al00b firmware
- canonical/huawei bla-l29c firmware
- canonical/huawei bla-l29
- canonical/huawei bla-tl00b
- canonical/huawei bla-tl00b firmware
- canonical/huawei barca-al00
- canonical/huawei barca-al00 firmware
- canonical/huawei berkeley-l09
- canonical/huawei berkeley-l09 firmware
- canonical/huawei berkeley-tl10
- canonical/huawei berkeley-tl10 firmware
- canonical/huawei columbia-al00a firmware
- canonical/huawei columbia-al00a
- canonical/huawei lon-l29d
- canonical/huawei columbia-l29d firmware
- canonical/huawei cornell-tl10b
- canonical/huawei cornell-tl10b firmware
- canonical/huawei duke-l09i firmware
- canonical/huawei duke-l09i
- canonical/huawei dubai-al00a
- canonical/huawei figo-al00a firmware
- canonical/huawei figo-al00a
- canonical/huawei florida-al20b firmware
- canonical/huawei florida-l03 firmware
- canonical/huawei florida-l03
- canonical/huawei florida-l21
- canonical/huawei florida-l21 firmware
- canonical/huawei florida-l22 firmware
- canonical/huawei florida-tl10b firmware
- canonical/huawei mate rs firmware
- version/huawei mate rs firmware/9.1.0.321\(c786e320r1p1t8\)
- canonical/huawei mate rs
- canonical/huawei p20 firmware
- canonical/huawei p20
- canonical/huawei p20 lite firmware
- canonical/huawei p20 lite
- canonical/huawei y9 2019 firmware
- canonical/huawei nova 2s firmware
- canonical/huawei nova 2s
- canonical/huawei nova 3 firmware
- canonical/huawei nova 3e firmware
- canonical/huawei nova 3e
- canonical/huawei honor v20 firmware
- canonical/huawei honor view 20 firmware
- canonical/huawei jakarta-al00a
- canonical/huawei jakarta-al00a firmware
- canonical/huawei johnson-tl00d
- canonical/huawei johnson-tl00d firmware
- canonical/huawei leland-al10b firmware
- canonical/huawei leland-al10b
- canonical/huawei leland l21a
- canonical/huawei leland-l21a firmware
- canonical/huawei leland-l32a
- canonical/huawei leland-l32a firmware
- canonical/huawei leland-tl10b
- canonical/huawei leland-tl10b firmware
- canonical/huawei leland tl10c
- canonical/huawei leland-tl10c firmware
- canonical/huawei lelandp-al00c firmware
- canonical/huawei leland p-l22c
- canonical/huawei lelandp-l22c firmware
- canonical/huawei neo-al00d firmware
- canonical/huawei princeton-al10b
- canonical/huawei princeton-al10b firmware
- canonical/huawei rhone-al00
- canonical/huawei rhone-al00 firmware
- canonical/huawei stanford-l09 firmware
- canonical/huawei stanford-l09
- canonical/huawei stanford-l09s
- canonical/huawei stanford-l09s firmware
- canonical/huawei sydney-al00
- canonical/huawei sydney-al00 firmware
- canonical/huawei sydney-tl00
- canonical/huawei sydney-tl00 firmware
- canonical/huawei sydneym-al00 firmware
- canonical/huawei tony-al00b
- canonical/huawei tony-al00b firmware
- canonical/huawei tony-tl00b firmware
- canonical/huawei yale-al00a
- canonical/huawei yale-l21a
- canonical/huawei y6
- canonical/huawei yale-tl00b
- canonical/huawei yale-tl00b firmware
- canonical/huawei honor 9i firmware
- canonical/huawei honor 9i
- canonical/debian
- version/debian/8.0
- canonical/ubuntu
- version/ubuntu/16.04