7.8

CVE-2019-1999

Exploit
In binder_alloc_free_page of binder_alloc.c, there is a possible double free due to improper locking. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-120025196.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GoogleAndroid Version-
DebianDebian Linux Version9.0
DebianDebian Linux Version10.0
CanonicalUbuntu Linux Version19.04
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.79% 0.514
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.2 3.9 10
AV:L/AC:L/Au:N/C:C/I:C/A:C
CWE-415 Double Free

The product calls free() twice on the same memory address.

https://source.android.com/security/bulletin/2019-02-01
Vendor Advisory
http://www.securityfocus.com/bid/106851
Broken Link
https://seclists.org/bugtraq/2019/Aug/13
Third Party Advisory
Mailing List
https://usn.ubuntu.com/3979-1/
Third Party Advisory
https://www.debian.org/security/2019/dsa-4495
Third Party Advisory
https://www.exploit-db.com/exploits/46357/
Third Party Advisory
Exploit
VDB Entry