CVE-2019-2215: Android Kernel Use-After-Free Vulnerability
First published: Mon Oct 07 2019(Updated: )
A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interaction is required to exploit this vulnerability, however exploitation does require either the installation of a malicious local application or a separate vulnerability in a network facing application.Product: AndroidAndroid ID: A-141720095
Credit: security@android.com security@android.com security@android.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Google Android Kernel | ||
| Android | ||
| Android | ||
| Debian Linux | =8.0 | |
| Ubuntu | =16.04 | |
| NetApp Cloud Backup | ||
| NetApp Data Availability Services | ||
| NetApp SolidFire & HCI Management Node | ||
| NetApp Service Processor | ||
| NetApp SolidFire & HCI Storage Node | ||
| NetApp SteelStore Cloud Integrated Storage | ||
| All of | ||
| NetApp SolidFire Baseboard Management Controller Firmware | ||
| NetApp SolidFire | ||
| All of | ||
| NetApp Baseboard Management Controller Firmware | ||
| NetApp FAS/AFF Baseboard Management Controller | =a700s | |
| All of | ||
| NetApp AFF A320 Firmware | ||
| NetApp AFF A320 | ||
| All of | ||
| NetApp AFF C190 Firmware | ||
| NetApp AFF C190 | ||
| All of | ||
| NetApp AFF A220 Firmware | ||
| NetApp AFF A220 | ||
| All of | ||
| NetApp FAS2700 Firmware | ||
| NetApp FAS2720 | ||
| All of | ||
| NetApp FAS2700 Firmware | ||
| NetApp FAS Series | ||
| All of | ||
| NetApp AFF A800 Firmware | ||
| NetApp AFF A800 | ||
| All of | ||
| NetApp H300S Firmware | ||
| NetApp H300S Firmware | ||
| All of | ||
| NetApp H500e Firmware | ||
| NetApp H500e Firmware | ||
| All of | ||
| NetApp H700S | ||
| NetApp H700S | ||
| All of | ||
| NetApp H410S | ||
| NetApp H410S Firmware | ||
| All of | ||
| NetApp H410C | ||
| NetApp H410C Firmware | ||
| All of | ||
| NetApp HCI H610S Firmware | ||
| NetApp H610S Firmware | ||
| All of | ||
| Huawei ALP-AL00B-RSC Firmware | <10.0.0.162\(c00e156r2p4\) | |
| Huawei ALP-AL00B-RSC Firmware | ||
| All of | ||
| Huawei ALP-TL00B | <10.0.0.162\(c01e156r1p4\) | |
| Huawei ALP-TL00B firmware | ||
| All of | ||
| Huawei Anne-AL00 | <9.1.0.126\(c00e126r1p7t8\) | |
| Huawei Anne-AL00 Firmware | ||
| All of | ||
| Huawei Ares-AL00B Firmware | <9.1.0.165\(c00e165r2p5t8\) | |
| Huawei Ares-AL00B Firmware | ||
| All of | ||
| Huawei Ares-AL10D | <9.1.0.165\(c00e165r2p5t8\) | |
| Huawei Ares-AL10D | ||
| All of | ||
| Huawei Ares-TL00C Firmware | <8.2.0.163\(c01r2p1\) | |
| Huawei Ares-TL00 | ||
| All of | ||
| Huawei BLA-AL00B Firmware | <10.0.0.170\(c786e170r2p4\) | |
| Huawei BLA-AL00B Firmware | ||
| All of | ||
| Huawei BLA-L29C Firmware | <9.1.0.300\(c432e4r1p11t8\) | |
| Huawei BLA-L29 | ||
| All of | ||
| Huawei BLA-TL00B | <10.0.0.170\(c01e170r1p4\) | |
| Huawei BLA-TL00B Firmware | ||
| All of | ||
| Huawei BARCA-AL00 | <8.0.0.377\(c00\) | |
| Huawei BARCA-AL00 Firmware | ||
| All of | ||
| Huawei P10 Firmware | <9.1.0.351\(c432e5r1p13t8\) | |
| Huawei P10 | ||
| All of | ||
| Huawei Berkeley-TL10 | <9.1.0.333\(c01e333r1p1t8\) | |
| Huawei Berkeley-TL10 Firmware | ||
| All of | ||
| Huawei Columbia-AL00A Firmware | <8.1.0.186\(c00gt\) | |
| Huawei Columbia-AL00A Firmware | ||
| All of | ||
| Huawei LON-L29D | <9.1.0.325\(c432e4r1p12t8\) | |
| Huawei Columbia-L29D Firmware | ||
| All of | ||
| Huawei Cornell-TL10B | <9.1.0.321\(c01e320r1p1t8\) | |
| Huawei Cornell-TL10B Firmware | ||
| All of | ||
| Huawei Duke-L09i | <9.0.1.171\(c675e6r1p5t8\) | |
| Huawei Duke-L09i Firmware | ||
| All of | ||
| Huawei Dubai-AL00A | <1.0.0.190\(c00\) | |
| Huawei Dubai-AL00A | ||
| All of | ||
| Huawei Figo AL00A Firmware | <9.1.0.130\(c00e115r2p8t8\) | |
| Huawei Figo AL00A Firmware | ||
| All of | ||
| Huawei Florida | <9.1.0.128\(c00e112r1p6t8\) | |
| Huawei Florida-AL20B Firmware | ||
| All of | ||
| Huawei Florida | <9.1.0.154\(c605e7r1p2t8\) | |
| Huawei Florida L03 | ||
| All of | ||
| Huawei Florida | <9.1.0.154\(c605e7r1p2t8\) | |
| Huawei Florida | ||
| All of | ||
| Huawei Florida | <9.1.0.150\(c636e6r1p5t8\) | |
| Huawei Florida-L22 Firmware | ||
| All of | ||
| Huawei Florida | <9.1.0.128\(c01e112r1p6t8\) | |
| Huawei Florida-TL10B Firmware | ||
| All of | ||
| Huawei Mate RS Firmware | =9.1.0.321\(c786e320r1p1t8\) | |
| Huawei Mate RS Firmware | ||
| All of | ||
| Huawei P20 Lite | <9.1.0.312\(c00e312r1p1t8\) | |
| HUAWEI P20 | ||
| All of | ||
| Huawei P20 Lite | <9.1.0.200\(c605e4r1p3t8\) | |
| Huawei P20 Lite Firmware | ||
| All of | ||
| Huawei P20 Lite | <9.1.0.200\(c635e5r1p1t8\) | |
| Huawei P20 Lite Firmware | ||
| All of | ||
| Huawei P20 Lite | <9.1.0.246\(c432e6r1p7t8\) | |
| Huawei P20 Lite Firmware | ||
| All of | ||
| Huawei Y9 2019 Firmware | <9.1.0.297\(c605e4r1p1t8\) | |
| Huawei Y9 2019 Firmware | ||
| All of | ||
| Huawei Nova 2s Firmware | <9.1.0.210\(c01e110r1p9t8\) | |
| Huawei Nova 2s Firmware | ||
| All of | ||
| Huawei Nova 3e Firmware | <9.1.0.351\(c00e351r1p1t8\) | |
| Huawei Nova 3 Firmware | ||
| All of | ||
| Huawei Nova 3i firmware | <9.1.0.200\(c636e4r1p5t8\) | |
| Huawei Nova 3e Firmware | ||
| All of | ||
| Huawei P20 Lite | <9.1.0.200\(c636e4r1p5t8\) | |
| Huawei P20 Lite Firmware | ||
| All of | ||
| Huawei P20 Lite | <9.1.0.201\(c636e4r1p5t8\) | |
| Huawei P20 Lite Firmware | ||
| All of | ||
| Huawei Nova 3i firmware | <9.1.0.201\(c636e4r1p5t8\) | |
| Huawei Nova 3e Firmware | ||
| All of | ||
| Huawei Nova 3i firmware | <9.1.0.201\(zafc185e4r1p8t8\) | |
| Huawei Nova 3e Firmware | ||
| All of | ||
| Huawei P20 Lite | <9.1.0.201\(zafc185e4r1p8t8\) | |
| Huawei P20 Lite Firmware | ||
| All of | ||
| HUAWEI Honor V20 firmware | <10.1.0.214\(c10e5r4p3\) | |
| Huawei Honor View 20 Firmware | ||
| All of | ||
| Huawei Jakarta-AL00a | <9.1.0.260\(c00e120r2p2\) | |
| Huawei Jakarta-AL00a Firmware | ||
| All of | ||
| Huawei Johnson-TL00D | <9.1.0.219\(c01e18r3p2t8\) | |
| Huawei Johnson-TL00D Firmware | ||
| All of | ||
| Huawei Leland AL10B | <9.1.0.130\(c00e112r2p10t8\) | |
| Huawei Leland-AL10B Firmware | ||
| All of | ||
| Huawei Leland Firmware | <9.1.0.156\(c185e5r1p5t8\) | |
| Huawei Leland-L21A Firmware | ||
| All of | ||
| Huawei Leland Firmware | <9.1.0.153\(c675e6r1p4t8\) | |
| Huawei Leland-L32A Firmware | ||
| All of | ||
| Huawei Leland Firmware | <9.1.0.130\(c01e112r2p10t8\) | |
| Huawei Leland TL10B | ||
| All of | ||
| Huawei Leland TL10C | <9.1.0.130\(c01e112r2p10t8\) | |
| Huawei Leland-TL10C Firmware | ||
| All of | ||
| Huawei Leland P-AL00C Firmware | <9.1.0.130\(c00e112r2p10t8\) | |
| Huawei Lelandp-al00c Firmware | ||
| All of | ||
| Huawei Leland P-L22C Firmware | <9.1.0.156\(c636e5r1p5t8\) | |
| Huawei LelandP-L22C Firmware | ||
| All of | ||
| Huawei Neo-AL00 Firmware | <9.1.0.321\(c786e320r1p1t8\) | |
| Huawei Neo-AL00D Firmware | ||
| All of | ||
| Huawei Princeton-AL10B | <10.1.0.160\(c00e160r2p11\) | |
| Huawei Princeton-AL10B Firmware | ||
| All of | ||
| Huawei Rhone-AL00 Firmware | <8.0.0.376\(c00\) | |
| Huawei Rhone-AL00 Firmware | ||
| All of | ||
| Huawei Stanford-L09 | <9.1.0.211\(c635e2r1p4t8\) | |
| Huawei P9 | ||
| All of | ||
| Huawei Stanford-L09 Firmware | <9.1.0.210\(c432e2r1p5t8\) | |
| Huawei Stanford-L09 | ||
| All of | ||
| Huawei Sydney-AL00 | <9.1.0.212\(c00e62r1p7t8\) | |
| Huawei Sydney | ||
| All of | ||
| Huawei Sydney-TL00 | <9.1.0.212\(c01e62r1p7t8\) | |
| Huawei Sydney-TL00 Firmware | ||
| All of | ||
| Huawei SydneyM-AL00 Firmware | <9.1.0.212\(c00e62r1p7t8\) | |
| Huawei SydneyM-AL00 Firmware | ||
| All of | ||
| Huawei Firmware | <10.0.0.175\(c00e59r2p11\) | |
| Huawei Tonys | ||
| All of | ||
| Huawei Tony-AL00B Firmware | <10.0.0.175\(c01e59r2p11\) | |
| Huawei Tony-TL00B Firmware | ||
| All of | ||
| Huawei Yale-AL00A | <10.1.0.160\(c00e160r8p12\) | |
| Huawei Yale-AL50A Firmware | ||
| All of | ||
| Huawei Yale-l21a | <10.1.0.231\(c10e3r3p2\) | |
| Huawei Y5 (2017) | ||
| All of | ||
| Huawei Yale-TL00B | <10.1.0.160\(c01e160r8p12\) | |
| Huawei Yale-TL00B Firmware | ||
| All of | ||
| Huawei Honor 9i Firmware | <9.1.0.130\(c00e112r2p10t8\) | |
| Huawei Honor 9i Firmware | ||
| debian/linux | 5.10.223-1 5.10.234-1 6.1.129-1 6.1.133-1 6.12.22-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://source.android.com/security/bulletin/2019-10-01
- http://seclists.org/fulldisclosure/2019/Oct/38
- http://packetstormsecurity.com/files/154911/Android-Binder-Use-After-Free.html
- https://security.netapp.com/advisory/ntap-20191031-0005/
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191030-01-binder-en
- https://seclists.org/bugtraq/2019/Nov/11
- http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
- https://usn.ubuntu.com/4186-1/
- https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html
- http://packetstormsecurity.com/files/156495/Android-Binder-Use-After-Free.html
- https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html
- https://launchpad.net/bugs/cve/CVE-2019-2215
- https://source.android.com/docs/security/bulletin/2019-10-01 (Advisory)
- https://nvd.nist.gov/vuln/detail/CVE-2019-2215
- https://git.kernel.org/linus/f5cb779ba16334b45ba8946d6bfa6d9834d1527f
- https://security-tracker.debian.org/tracker/CVE-2019-2215
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2215
- https://ubuntu.com/security/CVE-2019-2215
Frequently Asked Questions
What is CVE-2019-2215?
CVE-2019-2215 is a use-after-free vulnerability in the Android Kernel.
How does CVE-2019-2215 affect Android Kernel?
CVE-2019-2215 allows an elevation of privilege from an application to the Linux Kernel.
What is the severity of CVE-2019-2215?
CVE-2019-2215 has a severity rating of high.
How can CVE-2019-2215 be exploited?
Exploiting CVE-2019-2215 requires either the installation of a malicious local application or a separate vulnerability in a network fa…
Are there any references for CVE-2019-2215?
References for CVE-2019-2215 can be found at the following links: [Link 1](https://source.android.com/security/bulletin/2019-10-01), [Link 2](http://seclists.org/fulldisclosure/2019/Oct/38), [Link 3](http://packetstormsecurity.com/files/154911/Android-Binder-Use-After-Free.html).
- agent/type
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- agent/title
- agent/severity
- agent/weakness
- agent/author
- agent/references
- agent/remedy
- agent/trending
- agent/source
- exploited/true
- collector/cisa-known-exploited
- source/CISA
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/nvd-index
- collector/android-source
- source/Android
- collector/usn-cve
- source/Ubuntu
- agent/description
- agent/event
- agent/softwarecombine
- agent/tags
- collector/security-tracker-debian
- source/Debian
- collector/nvd-cve
- source/NVD
- collector/nvd-api
- vendor/android
- canonical/google android kernel
- vendor/google
- canonical/android
- package-manager/debian
- vendor/debian
- canonical/debian linux
- version/debian linux/8.0
- vendor/canonical
- canonical/ubuntu
- version/ubuntu/16.04
- vendor/netapp
- canonical/netapp cloud backup
- canonical/netapp data availability services
- canonical/netapp solidfire & hci management node
- canonical/netapp service processor
- canonical/netapp solidfire & hci storage node
- canonical/netapp steelstore cloud integrated storage
- canonical/netapp solidfire baseboard management controller firmware
- canonical/netapp solidfire
- canonical/netapp baseboard management controller firmware
- canonical/netapp fas/aff baseboard management controller
- version/netapp fas/aff baseboard management controller/a700s
- canonical/netapp aff a320 firmware
- canonical/netapp aff a320
- canonical/netapp aff c190 firmware
- canonical/netapp aff c190
- canonical/netapp aff a220 firmware
- canonical/netapp aff a220
- canonical/netapp fas2700 firmware
- canonical/netapp fas2720
- canonical/netapp fas series
- canonical/netapp aff a800 firmware
- canonical/netapp aff a800
- canonical/netapp h300s firmware
- canonical/netapp h500e firmware
- canonical/netapp h700s
- canonical/netapp h410s
- canonical/netapp h410s firmware
- canonical/netapp h410c
- canonical/netapp h410c firmware
- canonical/netapp hci h610s firmware
- canonical/netapp h610s firmware
- vendor/huawei
- canonical/huawei alp-al00b-rsc firmware
- canonical/huawei alp-tl00b
- canonical/huawei alp-tl00b firmware
- canonical/huawei anne-al00
- canonical/huawei anne-al00 firmware
- canonical/huawei ares-al00b firmware
- canonical/huawei ares-al10d
- canonical/huawei ares-tl00c firmware
- canonical/huawei ares-tl00
- canonical/huawei bla-al00b firmware
- canonical/huawei bla-l29c firmware
- canonical/huawei bla-l29
- canonical/huawei bla-tl00b
- canonical/huawei bla-tl00b firmware
- canonical/huawei barca-al00
- canonical/huawei barca-al00 firmware
- canonical/huawei p10 firmware
- canonical/huawei p10
- canonical/huawei berkeley-tl10
- canonical/huawei berkeley-tl10 firmware
- canonical/huawei columbia-al00a firmware
- canonical/huawei lon-l29d
- canonical/huawei columbia-l29d firmware
- canonical/huawei cornell-tl10b
- canonical/huawei cornell-tl10b firmware
- canonical/huawei duke-l09i
- canonical/huawei duke-l09i firmware
- canonical/huawei dubai-al00a
- canonical/huawei figo al00a firmware
- canonical/huawei florida
- canonical/huawei florida-al20b firmware
- canonical/huawei florida l03
- canonical/huawei florida-l22 firmware
- canonical/huawei florida-tl10b firmware
- canonical/huawei mate rs firmware
- version/huawei mate rs firmware/9.1.0.321\(c786e320r1p1t8\)
- canonical/huawei p20 lite
- canonical/huawei p20
- canonical/huawei p20 lite firmware
- canonical/huawei y9 2019 firmware
- canonical/huawei nova 2s firmware
- canonical/huawei nova 3e firmware
- canonical/huawei nova 3 firmware
- canonical/huawei nova 3i firmware
- canonical/huawei honor v20 firmware
- canonical/huawei honor view 20 firmware
- canonical/huawei jakarta-al00a
- canonical/huawei jakarta-al00a firmware
- canonical/huawei johnson-tl00d
- canonical/huawei johnson-tl00d firmware
- canonical/huawei leland al10b
- canonical/huawei leland-al10b firmware
- canonical/huawei leland firmware
- canonical/huawei leland-l21a firmware
- canonical/huawei leland-l32a firmware
- canonical/huawei leland tl10b
- canonical/huawei leland tl10c
- canonical/huawei leland-tl10c firmware
- canonical/huawei leland p-al00c firmware
- canonical/huawei lelandp-al00c firmware
- canonical/huawei leland p-l22c firmware
- canonical/huawei lelandp-l22c firmware
- canonical/huawei neo-al00 firmware
- canonical/huawei neo-al00d firmware
- canonical/huawei princeton-al10b
- canonical/huawei princeton-al10b firmware
- canonical/huawei rhone-al00 firmware
- canonical/huawei stanford-l09
- canonical/huawei p9
- canonical/huawei stanford-l09 firmware
- canonical/huawei sydney-al00
- canonical/huawei sydney
- canonical/huawei sydney-tl00
- canonical/huawei sydney-tl00 firmware
- canonical/huawei sydneym-al00 firmware
- canonical/huawei firmware
- canonical/huawei tonys
- canonical/huawei tony-al00b firmware
- canonical/huawei tony-tl00b firmware
- canonical/huawei yale-al00a
- canonical/huawei yale-al50a firmware
- canonical/huawei yale-l21a
- canonical/huawei y5 (2017)
- canonical/huawei yale-tl00b
- canonical/huawei yale-tl00b firmware
- canonical/huawei honor 9i firmware