Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2019-1999Double Free in Android

CWE-415Double Free8 documents7 sources
Severity
7.8HIGHNVD
EPSS
0.6%
top 30.38%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
6
Linux KernelDebian LinuxAndroid+3 more
Timeline
PublishedFeb 28
Latest updateApr 30

Description

In binder_alloc_free_page of binder_alloc.c, there is a possible double free due to improper locking. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-120025196.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages4 packages

CVEListV5android/androidAndroid kernel
Debianlinux/linux_kernel< 5.2.6-1+3
debiandebian/linux< linux 5.2.6-1 (bookworm)

Also affects: Debian Linux 10.0, 9.0, Ubuntu Linux 19.04

🔴Vulnerability Details

2
GHSA
GHSA-h74g-q6cf-5qxm: In binder_alloc_free_page of binder_alloc2022-04-30
OSV
CVE-2019-1999: In binder_alloc_free_page of binder_alloc2019-02-28

💥Exploits & PoCs

2
Exploit-DB
Android - binder Use-After-Free of VMA via race Between reclaim and munmap2019-02-12
Exploit-DB
Greg Matthews - 'Classifieds.cgi' 1.0 Hidden Variable1998-12-15

📋Vendor Advisories

3
Ubuntu
Linux kernel vulnerabilities2019-05-14
Android
CVE-2019-1999: Binder driver2019-02-01
Debian
CVE-2019-1999: linux - In binder_alloc_free_page of binder_alloc.c, there is a possible double free due...2019