CVE-2019-1999

CVSS v3.1 7.8 (High)

CVSS v2.0 7.2 (High)

EPSS 0.11 % (44^th)

Affected Products 3

Advisories 2

In binder_alloc_free_page of binder_alloc.c, there is a possible double free due to improper locking. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-120025196.

Weaknesses

CWE-415: Double Free

CVE Status: PUBLISHED
CNA: Android (associated with Google Inc. or Open Handset Alliance)
Published Date: 2019-02-28 17:29:00
(5 years ago)
Updated Date: 2022-04-22 20:42:08
(2 years ago)

Affected Products

Configuration #1

		CPE23	From	Up To
	Google Android	cpe:2.3:o:google:android:-

Configuration #2

		CPE23	From	Up To
	Debian Linux 9.0	cpe:2.3:o:debian:debian_linux:9.0
	Debian Linux 10.0	cpe:2.3:o:debian:debian_linux:10.0

Configuration #3

		CPE23	From	Up To
	Canonical Ubuntu Linux 19.04	cpe:2.3:o:canonical:ubuntu_linux:19.04

Weaknesses

Affected Products

Canonical

Debian

Google

Configuration #1

Configuration #2

Configuration #3