CVE-2019-2215

Home/CVE/Android Kernel Use-After-Free Vulnerability

CVE

Android Kernel Use-After-Free Vulnerability

A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interaction is required to exploit this vulnerability, however exploitation does require either the installation of a malicious local application or a separate vulnerability in a network facing application.Product: AndroidAndroid ID: A-141720095.

HIGH · CVSS 7.8 ⚠ CISA KEV EPSS 0.51467

Act now

Listed on CISA KEV (known exploited in the wild)
SSVC exploitation status: active
EPSS ≥ 0.50 - high probability of exploitation in the next 30 days
EPSS percentile: top 2% of all CVEs by exploitation likelihood
Public exploit or PoC is available
CVSS base score ≥ 7.0

Sigma rules10 YARA rules0

⬢

Required Remediation

Apply updates per vendor instructions.

◆

Threat Actors Linked

actorSideWinder

⬡

Weakness Classification

CWE-416Use After Free

▤

Affected Products & Versions

google androidall versions
debian linuxall versions
canonical ubuntu linuxall versions
netapp cloud backupall versions
netapp data availability servicesall versions
netapp hci management nodeall versions
netapp service processorall versions
netapp solidfireall versions
Show all 60 affected productsnetapp steelstore cloud integrated storageall versions
netapp solidfire baseboard management controller firmwareall versions
netapp aff baseboard management controller firmwareall versions
netapp a320 firmwareall versions
netapp c190 firmwareall versions
netapp a220 firmwareall versions
netapp fas2720 firmwareall versions
netapp fas2750 firmwareall versions
netapp a800 firmwareall versions
netapp h300s firmwareall versions
netapp h500s firmwareall versions
netapp h700s firmwareall versions
netapp h410s firmwareall versions
netapp h410c firmwareall versions
netapp h610s firmwareall versions
huawei alp-al00b firmware< 10.0.0.162\(c00e156r2p4\)
huawei alp-tl00b firmware< 10.0.0.162\(c01e156r1p4\)
huawei anne-al00 firmware< 9.1.0.126\(c00e126r1p7t8\)
huawei ares-al00b firmware< 9.1.0.165\(c00e165r2p5t8\)
huawei ares-al10d firmware< 9.1.0.165\(c00e165r2p5t8\)
huawei ares-tl00chw firmware< 8.2.0.163\(c01r2p1\)
huawei bla-al00b firmware< 10.0.0.170\(c786e170r2p4\)
huawei bla-l29c firmware< 9.1.0.300\(c432e4r1p11t8\)
huawei bla-tl00b firmware< 10.0.0.170\(c01e170r1p4\)
huawei barca-al00 firmware< 8.0.0.377\(c00\)
huawei berkeley-l09 firmware< 9.1.0.351\(c432e5r1p13t8\)
huawei berkeley-tl10 firmware< 9.1.0.333\(c01e333r1p1t8\)
huawei columbia-al00a firmware< 8.1.0.186\(c00gt\)
huawei columbia-l29d firmware< 9.1.0.325\(c432e4r1p12t8\)
huawei cornell-tl10b firmware< 9.1.0.321\(c01e320r1p1t8\)
huawei duke-l09i firmware< 9.0.1.171\(c675e6r1p5t8\)
huawei dura-al00a firmware< 1.0.0.190\(c00\)
huawei figo-al00a firmware< 9.1.0.130\(c00e115r2p8t8\)
huawei florida-al20b firmware< 9.1.0.128\(c00e112r1p6t8\)
huawei florida-l03 firmware< 9.1.0.154\(c605e7r1p2t8\)
huawei florida-l21 firmware< 9.1.0.154\(c605e7r1p2t8\)
huawei florida-l22 firmware< 9.1.0.150\(c636e6r1p5t8\)
huawei florida-tl10b firmware< 9.1.0.128\(c01e112r1p6t8\)
huawei mate rs firmwareall versions
huawei p20 firmware< 9.1.0.312\(c00e312r1p1t8\)
huawei p20 lite firmware< 9.1.0.200\(c605e4r1p3t8\)
huawei p20 lite firmware< 9.1.0.200\(c635e5r1p1t8\)
huawei p20 lite firmware< 9.1.0.246\(c432e6r1p7t8\)
huawei y9 2019 firmware< 9.1.0.297\(c605e4r1p1t8\)
huawei nova 2s firmware< 9.1.0.210\(c01e110r1p9t8\)
huawei nova 3 firmware< 9.1.0.351\(c00e351r1p1t8\)
huawei nova 3e firmware< 9.1.0.200\(c636e4r1p5t8\)
huawei p20 lite firmware< 9.1.0.200\(c636e4r1p5t8\)
huawei p20 lite firmware< 9.1.0.201\(c636e4r1p5t8\)
huawei nova 3e firmware< 9.1.0.201\(c636e4r1p5t8\)
huawei nova 3e firmware< 9.1.0.201\(zafc185e4r1p8t8\)
huawei p20 lite firmware< 9.1.0.201\(zafc185e4r1p8t8\)

⚠

Public Exploits & PoCs

localAndroid Binder - Use-After-Free (Metasploit)verified
localAndroid - Binder Driver Use-After-Freeverified
pocpacketstormsecurity.com · Android-Binder-Use-After-Free.htmlpacketstormsecurity.com
pocpacketstormsecurity.com · Slackware-Security-Advisory-Slackware-14.2-kernel-Updates...packetstormsecurity.com
pocpacketstormsecurity.com · Android-Binder-Use-After-Free.htmlpacketstormsecurity.com

◈

Sigma Hunt Rules

Exact rules name this CVE ID. Product rules name an affected product in their title. Related rules cover techniques used by actors who exploited this CVE. Showing the most relevant matches; the complete related set is on the full drill-down.

relatedcriticalAntivirus Password Dumper Detection

relatedcriticalHacktool Execution - Imphash

relatedcriticalHackTool - Rubeus Execution

relatedcriticalPotential Credential Dumping Via LSASS Process Clone

relatedcriticalWCE wceaux.dll Access

relatedcriticalHackTool - Dumpert Process Dumper Default File

Show all 10 top matches

relatedcriticalHackTool - Credential Dumping Tools Named Pipe Created

relatedcriticalHackTool - Inveigh Execution

relatedcriticalHackTool - SafetyKatz Execution

relatedcriticalHackTool - Dumpert Process Dumper Execution

▣

Scoring & Timeline

7.8

HIGH · CVSS v3.1 · security@android.com

View on NVD

Attack Vector

Network Adjacent Local Physical

Attack Complexity

Low High

Privileges Required

None Low High

User Interaction

None Required

Scope

Unchanged Changed

Confidentiality

None Low High

Integrity

None Low High

Availability

None Low High

Published to NVD11 Oct 2019 · 07:15 PM

CVSS VectorCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

SSVC triage · cisa-vulnrichment

Exploitation

active

Automatable

Technical impact

total

SSVC asks the questions that actually drive patch urgency: is it being exploited, can attacks be automated, and how total is the impact.

⚑

Vendor Advisories

cisaKEV-CVE-2019-2215
usnUSN-4186-1
android-securityANDROID-2019-10-01High

🔗

References & Sources

Source URLs (vendor pages, mailing lists, write-ups). Exploit/PoC links are in their own section above to avoid duplication.

http://seclists.org/fulldisclosure/2019/Oct/38Mailing ListThird Party Advisory

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191030-01-binder-enThird Party Advisory

https://lists.debian.org/debian-lts-announce/2020/01/msg00013.htmlMailing ListThird Party Advisory

https://lists.debian.org/debian-lts-announce/2020/03/msg00001.htmlMailing ListThird Party Advisory

https://seclists.org/bugtraq/2019/Nov/11Mailing ListPatchThird Party Advisory

https://security.netapp.com/advisory/ntap-20191031-0005/Third Party Advisory

Show all 9 references

https://source.android.com/security/bulletin/2019-10-01Vendor Advisory

https://usn.ubuntu.com/4186-1/Third Party Advisory

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-2215US Government Resource

Intelligence Graph · click any node to traverse

CVETechnique ActorTool Family

drag to reposition · click any node to traverse · button top-right enlarges

External lookups - second-class, for what we don’t hold ourselves

NVD CVE.org CISA Vulners Exploit-DB GitHub PoC VulnCheck KEV GreyNoise

Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities

Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs

Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures

Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1

About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service

threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin