CVE-2019-2025
Published 2019-06-19
CVE-2019-2025: In binder_thread_read of binder.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel…
Priority: P345 high, 7.8 (CVSS 3.0)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 0.52% (40.4th percentile)
In binder_thread_read of binder.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.
Product: Android
Versions: Android kernel
Android ID: A-116855682
References: Upstream kernel
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | linux | < linux 4.19.9-1 (bookworm) | linux 4.19.9-1 (bookworm) |
| android | — | — | |
| linux | linux_kernel | >= 0 < 4.19.9-1 | 4.19.9-1 |
| linux | linux_kernel | >= 0 < 4.19.9-1 | 4.19.9-1 |
| linux | linux_kernel | >= 0 < 4.19.9-1 | 4.19.9-1 |
| linux | linux_kernel | >= 0 < 4.19.9-1 | 4.19.9-1 |
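CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 7.8 | HIGH | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.2 | HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
| osv | — | 7.8 | HIGH | — |
| vendor_debian | — | 7.8 | HIGH | — |
| vendor_redhat | — | 7.8 | HIGH | — |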
Kernel
list: Introduce CONFIG_LIST_HARDENED
kernel_security·2023-08-11·CVSS 7.8
CVE-2019-2025 [HIGH] list: Introduce CONFIG_LIST_HARDENED
Numerous production kernel configs (see [1, 2]) are choosing to enable
CONFIG_DEBUG_LIST, which is also being recommended by KSPP for hardened
configs [3]. The motivation behind this is that the option can be used
as a security hardening feature (e.g. CVE-2019-2215 and CVE-2019-2025
are mitigated by the option [4]).
The feature has never been designed with performance in mind, yet common
list manipulation is happening across hot paths all over the kernel.
Introduce CONFIG_LIST_HARDENED, which performs list pointer checking
inline, and only upon list corruption calls the reporting slow path.
To generate optimal machine code with CONFIG_LIST_HARDENED:
1. Elide checking for pointer values which upon dereference would
result in an immediate access faul
GHSA
GHSA-rw3m-hc9w-4j75: In binder_thread_read of binder
ghsa_unreviewed·2022-05-24
CVE-2019-2025 [HIGH] CWE-416 GHSA-rw3m-hc9w-4j75: In binder_thread_read of binder
In binder_thread_read of binder.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.
Product: Android
Versions: Android kernel
Android ID: A-116855682
References: Upstream kernel
OSV
CVE-2019-2025: In binder_thread_read of binder
osv·2019-06-19·CVSS 7.8
CVE-2019-2025 [HIGH] CVE-2019-2025: In binder_thread_read of binder
In binder_thread_read of binder.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.
Product: Android
Versions: Android kernel
Android ID: A-116855682
References: Upstream kernel
Red Hat
kernel: Use-after-free due to race condition in android/binder.c
vendor_redhat·2019-03-04·CVSS 7.8
CVE-2019-2025 [HIGH] CWE-362 kernel: Use-after-free due to race condition in android/binder.c
In binder_thread_read of binder.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.
Product: Android
Versions: Android kernel
Android ID: A-116855682
References: Upstream kernel
Package: kernel (Red Hat Enterprise Linux 5) - Not affected
Package: kernel (Red Hat Enterprise Linux 6) - Not affected
Package: kernel (Red Hat Enterprise Linux 7) - Not affected
Package: kernel-alt (Red Hat Enterprise Linux 7) - Not affected
Package: kernel-rt (Red Hat Enterprise Linux 7) - Not affected
Package: kernel (Red Hat Enterprise Linux 8) - Not affected
Package: kernel
Android
CVE-2019-2025: Binder driver
vendor_android·2019-03-01·CVSS 7.8
CVE-2019-2025 [HIGH] CVE-2019-2025: Binder driver
Android Security Bulletin 2019-03-01
CVE: CVE-2019-2025
Severity: HIGH
Type: EoP
Component: Binder driver
References: A-116855682
Upstream kernel
Debian
CVE-2019-2025: linux - In binder_thread_read of binder.c, there is a possible use-after-free due to imp...
vendor_debian·2019·CVSS 7.8
CVE-2019-2025 [HIGH] CVE-2019-2025: linux - In binder_thread_read of binder.c, there is a possible use-after-free due to imp...
In binder_thread_read of binder.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.
Product: Android
Versions: Android kernel
Android ID: A-116855682
References: Upstream kernel
Scope: local
bookworm: resolved (fixed in 4.19.9-1)
bullseye: resolved (fixed in 4.19.9-1)
forky: resolved (fixed in 4.19.9-1)
sid: resolved (fixed in 4.19.9-1)
trixie: resolved (fixed in 4.19.9-1)
No detection rules found.
Exploit-DB
jQuery 3.3.1 - Prototype Pollution & XSS Exploit
exploitdb·2025-04-08·CVSS 6.1
CVE-2020-7656 [MEDIUM] jQuery 3.3.1 - Prototype Pollution & XSS Exploit
---
# Exploit Title: jQuery Prototype Pollution & XSS Exploit (CVE-2019-11358 & CVE-2020-7656)
# Google Dork: N/A
# Date: 2025-02-13
# Exploit Author: xOryus
# Vendor Homepage: https://jquery.com
# Software Link: https://code.jquery.com/jquery-3.3.1.min.js
# Version: 3.3.1
# Tested on: Windows 10, Ubuntu 20.04, Chrome 120, Firefox 112
# CVE : CVE-2019-11358, CVE-2020-7656
# Category: WebApps
# Description:
# This exploit abuses two vulnerabilities in jQuery:
# - CVE-2020-7656: XSS via improper script handling
# - CVE-2019-11358: Prototype Pollution leading to XSS
# By injecting payloads into a vulnerable page using jQuery alert('XSS via CVE-2020-7656: ' + document.domain)"; // Space after
$('body').append(maliciousContent);
console.log("[
Exploit-DB
Android - binder Use-After-Free via racy Initialization of ->allow_user_free
exploitdb·2019-03-06
CVE-2019-2025 Android - binder Use-After-Free via racy Initialization of ->allow_user_free
---
The following bug report solely looks at the situation on the upstream master
branch; while from a cursory look, at least the wahoo kernel also looks
affected, I have only properly tested this on upstream master.
The binder driver permits userspace to free buffers in the kernel-managed shared
memory region by using the BC_FREE_BUFFER command. This command implements the
following restrictions:
- binder_alloc_prepare_to_free_locked() verifies that the pointer points to a buffer
- binder_alloc_prepare_to_free_locked() verifies that the ->free_in_progress flag is not yet set, and sets it
- binder_thread_write() verifies that the ->allow_user_free flag is set
The first two of these checks happen with alloc->m
Bugzilla
CVE-2019-2025 kernel: Use-after-free due to race condition in android/binder.c [fedora-all]
bugzilla·2019-04-04·CVSS 7.8
CVE-2019-2025 [HIGH] CVE-2019-2025 kernel: Use-after-free due to race condition in android/binder.c [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supp
Bugzilla
CVE-2019-2025 kernel: Use-after-free due to race condition in android/binder.c
bugzilla·2019-04-04·CVSS 7.8
CVE-2019-2025 [HIGH] CVE-2019-2025 kernel: Use-after-free due to race condition in android/binder.c
A race condition in the Linux kernel may lead to malicious code being able to free buffers using the BC_FREE_BUFFER ioctl to binder and trigger use-after-free in android/binder.c causing denial of service.
Upstream patch:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7bada55ab50697861eee6bb7d60b41e68a961a9c
Discussion:
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 1696021]
---
While Fedora does not enable the android drivers, this was fixed upstream in 4.20 kernels.
Checkpoint
31st October – Threat Intelligence Report
blogs_checkpoint·2022-10-31
CVE-2022-3723 31st October – Threat Intelligence Report
## 31st October – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 31st October, please download our Threat Intelligence Bulletin.
Top Attacks and Breaches
US-based communications company Twilio has disclosed a new data breach that occurred in June 2022, allegedly by the same threat actors behind the August hack. The hackers have used voice phishing to trick a Twilio employee into handing over their credentials, which the hackers then used to access customer information.
Cu
Checkpoint
10th October – Threat Intelligence Report
blogs_checkpoint·2022-10-10
CVE-2022-41352 10th October – Threat Intelligence Report
## 10th October – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 10th October, please download our Threat Intelligence Bulletin.
Top Attacks and Breaches
CommonSpirit Health, the second-largest nonprofit hospital chain in the U.S. with 140 hospitals and over 1,000 facilities in 21 states, suffered a cybersecurity incident that disrupted medical services across the country. Facilities in Iowa, Nebraska, Tennessee and Washington were among those affected. The nature of the at
Checkpoint
28th June – Threat Intelligence Report
blogs_checkpoint·2021-06-28
CVE-2021-21998 28th June – Threat Intelligence Report
## 28th June – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 28th June, please download our Threat Intelligence Bulletin.
Top Attacks and Breaches
Russian-based threat group Nobelium is using password spraying and brute force attacks to gain access to corporate networks. The group, which was behind the SolarWinds supply-chain attack, deployed an information-stealing Trojan on a Microsoft customer support agent’s computer to steal information. Over half of the targets were
Published: 2019-06-19