CVE-2019-1999
published 2019-02-28

Priority: P346 high, 7.8 (CVSS 3.1)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 0.79% (51.6th percentile)
In binder_alloc_free_page of binder_alloc.c, there is a possible double free due to improper locking. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-120025196.

Affected

10 ranges
Vendor     Product        Version range                 Fixed in
android    android        -                             -
canonical  ubuntu_linux   -                             -
debian     debian_linux   -                             -
debian     debian_linux   -                             -
debian     linux          < linux 5.2.6-1 (bookworm)    linux 5.2.6-1 (bookworm)
google     android        -                             -
linux      linux_kernel   >= 0 < 5.2.6-1                5.2.6-1
linux      linux_kernel   >= 0 < 5.2.6-1                5.2.6-1
linux      linux_kernel   >= 0 < 5.2.6-1                5.2.6-1
linux      linux_kernel   >= 0 < 5.2.6-1                5.2.6-1

CVSS provenance

Source         Version  Score  Severity  Vector
nvd            v3.1     7.8    HIGH      CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd            v2.0     7.2    HIGH      AV:L/AC:L/Au:N/C:C/I:C/A:C
osv            -        7.8    HIGH      -
vendor_debian  -        7.8    HIGH      -
vendor_ubuntu  -        5.6    MEDIUM    -