Skip to main content

Android CVE-2019-2215

HIGH
Use After Free (CWE-416)
2019-10-11 security@android.com
Use After Free Linux Information Disclosure Memory Corruption Android Debian Linux Ubuntu Linux Cloud Backup Data Availability Services Hci Management Node Service Processor Solidfire Steelstore Cloud Integrated Storage Solidfire Baseboard Management Controller Firmware Aff Baseboard Management Controller Firmware A320 Firmware C190 Firmware A220 Firmware Fas2720 Firmware Fas2750 Firmware A800 Firmware H300s Firmware H500s Firmware H700s Firmware H410s Firmware H410c Firmware H610S Firmware Alp Al00B Firmware Alp Tl00B Firmware Anne Al00 Firmware Ares Al00B Firmware Ares Al10D Firmware Ares Tl00Chw Firmware Bla Al00B Firmware Bla L29C Firmware Bla Tl00B Firmware Barca Al00 Firmware Berkeley L09 Firmware Berkeley Tl10 Firmware Columbia Al00A Firmware Columbia L29D Firmware Cornell Tl10B Firmware Duke L09I Firmware Dura Al00A Firmware Figo Al00A Firmware Florida Al20B Firmware Florida L03 Firmware Florida L21 Firmware Florida L22 Firmware Florida Tl10B Firmware Mate Rs Firmware P20 Firmware P20 Lite Firmware Y9 2019 Firmware Nova 2S Firmware Nova 3 Firmware Nova 3E Firmware Honor View 20 Firmware Jakarta Al00A Firmware Johnson Tl00D Firmware Leland Al10B Firmware Leland L21A Firmware Leland L32A Firmware Leland Tl10B Firmware Leland Tl10C Firmware Lelandp Al00C Firmware Lelandp L22C Firmware Neo Al00D Firmware Princeton Al10B Firmware Rhone Al00 Firmware Stanford L09 Firmware Stanford L09S Firmware Sydney Al00 Firmware Sydney Tl00 Firmware Sydneym Al00 Firmware Tony Al00B Firmware Tony Tl00B Firmware Yale Al00A Firmware Yale L21A Firmware Yale Tl00B Firmware Honor 9I Firmware
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Added to CISA KEV
Jul 14, 2026 - 04:22 CISA
CVE Published
Oct 11, 2019 - 19:15 nvd
HIGH 7.8

DescriptionNVD

A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interaction is required to exploit this vulnerability, however exploitation does require either the installation of a malicious local application or a separate vulnerability in a network facing application.Product: AndroidAndroid ID: A-141720095

AnalysisAI

A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Technical ContextAI

This vulnerability is classified as Use After Free (CWE-416), which allows attackers to access freed memory to execute arbitrary code or crash the application. A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interaction is required to exploit this vulnerability, however exploitation does require either the installation of a malicious local application or a separate vulnerability in a network facing application.Product: AndroidAndroid ID: A-141720095 Affected products include: Google Android, Debian Debian Linux, Canonical Ubuntu Linux, Netapp Cloud Backup, Netapp Data Availability Services.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Use smart pointers or garbage-collected languages. Set pointers to NULL after freeing. Enable memory sanitizers.

CVE-2015-3105 CRITICAL POC
10.0 Jun 10

Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466

CVE-2015-3864 CRITICAL POC
10.0 Oct 01

Integer underflow in the MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in mediaserver in A

CVE-2013-4710 CRITICAL POC
9.3 Mar 03

Android 3.0 through 4.1.x on Disney Mobile, eAccess, KDDI, NTT DOCOMO, SoftBank, and other devices does not properly imp

CVE-2015-1538 CRITICAL POC
10.0 Oct 01

Integer overflow in the SampleTable::setSampleToChunkParams function in SampleTable.cpp in libstagefright in Android bef

CVE-2024-21633 HIGH POC
7.8 Jan 03

Apktool versions 2.9.1 and prior contain a path traversal vulnerability when processing Android APK files. Malicious APK

CVE-2017-13156 HIGH POC
7.8 Dec 06

An elevation of privilege vulnerability in the Android system (art). Rated high severity (CVSS 7.8), this vulnerability

CVE-2016-2107 MEDIUM POC
5.9 May 05

The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a

CVE-2015-3106 CRITICAL POC
10.0 Jun 10

Use-after-free vulnerability in Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows

CVE-2015-3107 CRITICAL POC
10.0 Jun 10

Use-after-free vulnerability in Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows

CVE-2013-4787 CRITICAL POC
9.3 Jul 09

Android 1.6 Donut through 4.2 Jelly Bean does not properly check cryptographic signatures for applications, which allows

CVE-2014-7911 HIGH
7.2 Dec 15

luni/src/main/java/java/io/ObjectInputStream.java in the java.io.ObjectInputStream implementation in Android before 5.0.

CVE-2016-0801 CRITICAL POC
9.8 Feb 07

The Broadcom Wi-Fi driver in the kernel in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01

Share

CVE-2019-2215 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy