CVE-2019-2215
Published: 11 October 2019
A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interaction is required to exploit this vulnerability, however exploitation does require either the installation of a malicious local application or a separate vulnerability in a network facing application.Product: AndroidAndroid ID: A-141720095
From the Ubuntu Security Team
Maddie Stone discovered that the Binder IPC Driver implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Notes
| Author | Note |
|---|---|
| sbeattie | from the project zero report: enabling CONFIG_DEBUG_LIST breaks the primitive. |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
linux-aws Launchpad, Ubuntu, Debian |
upstream |
Released
(4.16~rc1)
|
| trusty |
Ignored
(was needs-triage ESM criteria)
|
|
| xenial |
Released
(4.4.0-1098.109)
|
|
| bionic |
Not vulnerable
(4.15.0-1001.1)
|
|
| disco |
Not vulnerable
(4.18.0-1002.3)
|
|
| eoan |
Not vulnerable
(5.0.0-1004.4)
|
|
|
linux-aws-hwe Launchpad, Ubuntu, Debian |
upstream |
Released
(4.16~rc1)
|
| trusty |
Does not exist
|
|
| xenial |
Not vulnerable
(4.15.0-1030.31~16.04.1)
|
|
| bionic |
Does not exist
|
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
|
linux-aws-5.0 Launchpad, Ubuntu, Debian |
upstream |
Released
(4.16~rc1)
|
| trusty |
Does not exist
|
|
| xenial |
Does not exist
|
|
| bionic |
Not vulnerable
(5.0.0-1021.24~18.04.1)
|
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
|
linux-azure-5.3 Launchpad, Ubuntu, Debian |
upstream |
Released
(4.16~rc1)
|
| trusty |
Does not exist
|
|
| bionic |
Not vulnerable
(5.3.0-1007.8~18.04.1)
|
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
| xenial |
Does not exist
|
|
|
linux Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(4.15.0-10.11)
|
| disco |
Not vulnerable
(4.18.0-10.11)
|
|
| eoan |
Not vulnerable
(5.0.0-13.14)
|
|
| trusty |
Ignored
(was needs-triage ESM criteria)
|
|
| upstream |
Released
(4.16~rc1)
|
|
| xenial |
Released
(4.4.0-168.197)
|
|
|
Patches: Introduced by 457b9a6f09f011ebcb9b52cc203a6331a6fc2de7 |
||
|
linux-azure Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(4.15.0-1002.2)
|
| disco |
Not vulnerable
(4.18.0-1003.3)
|
|
| eoan |
Not vulnerable
(5.0.0-1004.4)
|
|
| trusty |
Ignored
(was needs-triage ESM criteria)
|
|
| upstream |
Released
(4.16~rc1)
|
|
| xenial |
Released
(4.15.0-1013.13~16.04.2)
|
|
|
linux-azure-edge Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(4.15.0-1002.2)
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(4.16~rc1)
|
|
| xenial |
Ignored
(end of standard support, was pending)
|
|
|
linux-gcp Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(4.15.0-1001.1)
|
| disco |
Not vulnerable
(4.18.0-1002.3)
|
|
| eoan |
Not vulnerable
(5.0.0-1004.4)
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(4.16~rc1)
|
|
| xenial |
Released
(4.15.0-1014.14~16.04.1)
|
|
|
linux-gcp-5.3 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(5.3.0-1008.9~18.04.1)
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(4.16~rc1)
|
|
| xenial |
Does not exist
|
|
|
linux-gcp-edge Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(4.15.0-1001.1)
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(4.16~rc1)
|
|
| xenial |
Does not exist
|
|
|
linux-gke-4.15 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(4.15.0-1030.32)
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(4.16~rc1)
|
|
| xenial |
Does not exist
|
|
|
linux-gke-5.0 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(5.0.0-1011.11~18.04.1)
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(4.16~rc1)
|
|
| xenial |
Does not exist
|
|
|
linux-gke-5.3 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(5.3.0-1011.12~18.04.1)
|
| eoan |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(4.16~rc1)
|
|
| xenial |
Does not exist
|
|
|
linux-hwe Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(4.18.0-13.14~18.04.1)
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(4.16~rc1)
|
|
| xenial |
Released
(4.15.0-24.26~16.04.1)
|
|
|
linux-hwe-edge Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(5.0.0-15.16~18.04.1)
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(4.16~rc1)
|
|
| xenial |
Ignored
(end of life, was pending)
|
|
|
linux-kvm Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(4.15.0-1002.2)
|
| disco |
Not vulnerable
(4.18.0-1003.3)
|
|
| eoan |
Not vulnerable
(5.0.0-1004.4)
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(4.16~rc1)
|
|
| xenial |
Released
(4.4.0-1062.69)
|
|
|
linux-lts-trusty Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(4.16~rc1)
|
|
| xenial |
Does not exist
|
|
|
linux-lts-xenial Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
| trusty |
Ignored
(was needs-triage ESM criteria)
|
|
| upstream |
Released
(4.16~rc1)
|
|
| xenial |
Does not exist
|
|
|
linux-oem Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(4.15.0-1002.3)
|
| disco |
Not vulnerable
(4.15.0-1021.24)
|
|
| eoan |
Not vulnerable
(4.15.0-1035.40)
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(4.16~rc1)
|
|
| xenial |
Ignored
(end of standard support, was needs-triage)
|
|
|
linux-oem-5.4 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| eoan |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(4.16~rc1)
|
|
| xenial |
Does not exist
|
|
|
linux-oem-osp1 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(5.0.0-1010.11)
|
| disco |
Not vulnerable
(5.0.0-1010.11)
|
|
| eoan |
Not vulnerable
(5.0.0-1010.11)
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(4.16~rc1)
|
|
| xenial |
Does not exist
|
|
|
linux-oracle Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(4.15.0-1007.9)
|
| disco |
Not vulnerable
(4.15.0-1007.9)
|
|
| eoan |
Not vulnerable
(4.15.0-1011.13)
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(4.16~rc1)
|
|
| xenial |
Not vulnerable
(4.15.0-1007.9~16.04.1)
|
|
|
linux-oracle-5.0 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(5.0.0-1007.12~18.04.1)
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(4.16~rc1)
|
|
| xenial |
Does not exist
|
|
|
linux-raspi2 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(4.15.0-1006.7)
|
| disco |
Not vulnerable
(4.18.0-1005.7)
|
|
| eoan |
Not vulnerable
(5.0.0-1006.6)
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(4.16~rc1)
|
|
| xenial |
Released
(4.4.0-1125.134)
|
|
|
linux-raspi2-5.3 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(5.3.0-1017.19~18.04.1)
|
| eoan |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(4.16~rc1)
|
|
| xenial |
Does not exist
|
|
|
linux-snapdragon Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1053.57)
|
| disco |
Not vulnerable
(5.0.0-1010.10)
|
|
| eoan |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(4.16~rc1)
|
|
| xenial |
Released
(4.4.0-1129.137)
|
|
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 7.8 |
| Attack vector | Local |
| Attack complexity | Low |
| Privileges required | Low |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | High |
| Availability impact | High |
| Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |