⚠ Actively exploited
Added to CISA KEV on 2021-11-03. Federal agencies required to patch by 2022-05-03. Required action: Apply updates per vendor instructions..

CVE-2019-2215

CWE-416Use After FreeCWE-119Buffer OverflowCWE-787Out-of-bounds WriteCWE-20Improper Input Validation28 documents16 sources
Severity
7.8HIGH
EPSS
50.8%
top 2.14%
CISA KEV
KEV
Added 2021-11-03
Due 2022-05-03
Exploit
Exploited in wild
Active exploitation observed
Affected products
56
Huawei Alp-al00b FirmwareHuawei Alp-tl00b FirmwareHuawei Anne-al00 Firmware+53 more
Timeline
PublishedOct 11
KEV addedNov 3
KEV dueMay 3
Latest updateAug 11
CISA Required Action: Apply updates per vendor instructions.

Description

A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interaction is required to exploit this vulnerability, however exploitation does require either the installation of a malicious local application or a separate vulnerability in a network facing application.Product: AndroidAndroid ID: A-141720095

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages56 packages

Debianlinux< 4.15.4-1+3
NVDhuawei/p20_firmware< 9.1.0.312\(c00e312r1p1t8\)
NVDhuawei/nova_3_firmware< 9.1.0.351\(c00e351r1p1t8\)
NVDhuawei/nova_2s_firmware< 9.1.0.210\(c01e110r1p9t8\)
NVDhuawei/nova_3e_firmware< 9.1.0.200\(c636e4r1p5t8\)+2

Also affects: Debian Linux 8.0, Ubuntu Linux 16.04

Patches

Patch: packetstormsecurity.comPatch: seclists.orgPatch: packetstormsecurity.com

🔴Vulnerability Details

11
Kernel
list: Introduce CONFIG_LIST_HARDENED2023-08-11
Project0
A Very Powerful Clipboard: Analysis of a Samsung in-the-wild exploit chain - Project Zero2022-11-01
GHSA
GHSA-m7g6-9cwp-6jgm: A use-after-free in binder2022-05-24
Project0
The More You Know, The More You Know You Don’t Know - Project Zero2022-04-01
Project0
Root Cause Analyses for 0-day In-the-Wild Exploits - Project Zero2020-07-01

💥Exploits & PoCs

3
Exploit-DB
Android Binder - Use-After-Free (Metasploit)2020-02-24
Exploit-DB
Android - Binder Driver Use-After-Free2019-10-04
Metasploit
Android Binder Use-After-Free Exploit

📋Vendor Advisories

7
CISA
Android Kernel Use-After-Free Vulnerability2021-11-03
CISA
Mediatek Multiple Chipsets Insufficient Input Validation Vulnerability2021-11-03
CISA
Android Kernel Out-of-Bounds Write Vulnerability2021-11-03
Ubuntu
Linux kernel vulnerabilities2019-11-13
Red Hat
kernel: Use-after-free in binder.c2019-10-16

🕵️Threat Intelligence

5
Trendmicro
First Binder Exploit Linked to SideWinder APT Group2020-01-06
Trendmicro
First Binder Exploit Linked to SideWinder APT Group2020-01-06
Trendmicro
First Binder Exploit Linked to SideWinder APT Group2020-01-06
Trendmicro
First Binder Exploit Linked to SideWinder APT Group2020-01-06
Trendmicro
First Binder Exploit Linked to SideWinder APT Group2020-01-06

💬Community

1
Bugzilla
CVE-2019-2215 kernel: Use-after-free in binder.c2020-02-21
CVE-2019-2215 (HIGH CVSS 7.8) | A use-after-free in binder.c allows | cvebase.io