Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
huaweiHuawei TechnologiesHUAWEI-SA-20191030-01-BINDER
HistoryOct 30, 2019 - 12:00 a.m.

Security Advisory - Use-after-free Vulnerability in Android Kernel

2019-10-3000:00:00
Huawei Technologies
www.huawei.com
92

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.003 Low

EPSS

Percentile

69.7%

JSON

There is a use-after-free vulnerability in binder.c of Android kernel. Successful exploitation may cause the attacker elevate the privilege. (Vulnerability ID: HWPSIRT-2019-10100)

This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2019-2215.

Huawei has released software updates to fix this vulnerability. This advisory is available at the following link:

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191030-01-binder-en

Affected configurations

Vulners
Node
huaweialp-al00bRange<10.0.0.162
OR
huaweialp-tl00bRange<10.0.0.162
OR
huaweiwarsaw-al00Range<9.1.0.126
OR
huaweiares-al00bRange<9.1.0.165
OR
huaweiares-al10dRange<9.1.0.165
OR
huaweiares-tl00chwMatch8.2.0.163
OR
huaweibla-al00bRange<10.0.0.170
OR
huaweibla-l29cRange<9.1.0.300
OR
huaweibla-tl00bRange<10.0.0.170
OR
huaweiwarsaw-al00Range<8.0.0.377
OR
huaweiberkeley-l09Range<9.1.0.351
OR
huaweiberkeley-tl10Range<9.1.0.333
OR
huaweicolumbia-al10bMatch8.1.0.186
OR
huaweicolumbia-l29dRange<9.1.0.325
OR
huaweicornell-tl10bRange<9.1.0.321
OR
huaweiduke-l09iRange<9.0.1.171
OR
huaweidura-tl00aRange<1.0.0.190
OR
huaweifigo-al10bRange<9.1.0.130
OR
huaweiflorida-al20bRange<9.1.0.128
OR
huaweiflorida-l03Range<9.1.0.154
OR
huaweiflorida-l21Range<9.1.0.154
OR
huaweiflorida-l22Range<9.1.0.150
OR
huaweiflorida-tl10bRange<9.1.0.128
OR
huaweimate_s_firmwareRange<9.1.0.321
OR
huaweihuawei_p20Range<9.1.0.312
OR
huaweihuawei_p20Range<9.1.0.200
OR
huaweihuawei_p20Range<9.1.0.200
OR
huaweihuawei_p20Range<9.1.0.246
OR
huaweihuawei_y9_2019Range<9.1.0.297
OR
huaweihuawei_nova_2sRange<9.1.0.210
OR
huaweihuawei_nova_3Range<9.1.0.351
OR
huaweihuawei_nova_3eRange<9.1.0.200
OR
huaweihuawei_nova_3eRange<9.1.0.201
OR
huaweihuawei_nova_3eRange<9.1.0.201
OR
huaweihonor_view_20Range<10.1.0.214
OR
huaweivicky-al00aRange<9.1.0.260
OR
huaweijohnson-tl00dMatch8.2.0.165
OR
huaweileland-al10bRange<9.1.0.130
OR
huaweileland-l21aRange<9.1.0.156
OR
huaweileland-l32aRange<9.1.0.153
OR
huaweileland-tl10bRange<9.1.0.130
OR
huaweileland-tl10cRange<9.1.0.130
OR
huaweilelandp-al00cRange<9.1.0.130
OR
huaweilelandp-l22cRange<9.1.0.156
OR
huaweineo-al00dRange<9.1.0.321
OR
huaweiprinceton-al10bRange<10.1.0.160
OR
huaweiwarsaw-al00Range<8.0.0.376
OR
huaweistanford-l09Range<9.1.0.211
OR
huaweistanford-l09sRange<9.1.0.210
OR
huaweisydney-l21Range<9.1.0.212
OR
huaweisydney-tl00Range<9.1.0.212
OR
huaweisydneym-l01Range<9.1.0.212
OR
huaweitony-al00bRange<10.0.0.175
OR
huaweitony-tl00bRange<10.0.0.175
OR
huaweiyale-al50aRange<10.1.0.160
OR
huaweiyale-l21aRange<10.1.0.231
OR
huaweiyale-tl00bRange<10.1.0.160
OR
huaweihonor_9iRange<9.1.0.130

Related

checkpoint_advisories 1
debiancve 1
cvelist 1
threatpost 6
cve 1
githubexploit 10
metasploit 1
exploitpack 1
thn 6
packetstorm 2
zdt 2
prion 1
symantec 1
attackerkb 1
nvd 1
googleprojectzero 5
redhatcve 1
ubuntucve 2
exploitdb 2
cisa_kev 3
trendmicroblog 1
qualysblog 1
androidsecurity 1
fireeye 1
impervablog 1
github 1
ubuntu 2
openvas 7
nessus 7
slackware 1
debian 2
osv 2
checkpoint_advisories
checkpoint_advisories
Android Binder Use After Free (CVE-2019-2215)
2020-01-15 00:00:00
debiancve
debiancve
CVE-2019-2215
2019-10-11 19:15:10
cvelist
cvelist
CVE-2019-2215
2019-10-11 18:16:48
threatpost
threatpost
Google Warns of Android Zero-Day Bug Under Active Attack
2019-10-04 16:20:54
SideWinder APT Targets Nepal, Afghanistan in Wide-Ranging Spy Campaign
2020-12-09 19:53:13
A Brisk Private Trade in Zero-Days Widens Their Use
2020-04-06 21:05:06
cve
cve
CVE-2019-2215
2019-10-11 19:15:10
githubexploit
githubexploit
Exploit for Use After Free in Google Android
2021-05-07 16:48:40
Exploit for Use After Free in Google Android
2019-10-04 06:32:08
Exploit for Use After Free in Google Android
2019-10-16 11:27:44
metasploit
metasploit
Android Binder Use-After-Free Exploit
2019-10-17 10:48:49
exploitpack
exploitpack
Android - Binder Driver Use-After-Free
2019-10-04 00:00:00
thn
thn
Researchers Uncover SideWinder's Latest Server-Based Polymorphism Technique
2023-05-09 09:39:00
New 0-Day Flaw Affecting Most Android Phones Being Exploited in the Wild
2019-10-04 09:03:00
SideWinder Hackers Use Fake Android VPN Apps to Target Pakistani Entities
2022-06-02 09:09:00
packetstorm
packetstorm
Android Binder Use-After-Free
2019-10-18 00:00:00
Android Binder Use-After-Free
2020-02-24 00:00:00
zdt
zdt
Android Binder - Use-After-Free Exploit
2020-02-24 00:00:00
Android - Binder Driver Use-After-Free Exploit
2019-10-04 00:00:00
prion
prion
Design/Logic Flaw
2019-10-11 19:15:00
symantec
symantec
Google Android Binder CVE-2019-2215 Local Privilege Escalation Vulnerability
2019-10-02 00:00:00
attackerkb
attackerkb
CVE-2019-2215
2019-10-11 00:00:00
nvd
nvd
CVE-2019-2215
2019-10-11 19:15:10
googleprojectzero
googleprojectzero
Bad Binder: Android In-The-Wild Exploit
2019-11-21 00:00:00
A Very Powerful Clipboard: Analysis of a Samsung in-the-wild exploit chain
2022-11-04 00:00:00
Root Cause Analyses for 0-day In-the-Wild Exploits
2020-07-29 00:00:00
redhatcve
redhatcve
CVE-2019-2215
2020-02-21 15:44:29
ubuntucve
ubuntucve
CVE-2019-2215
2019-10-11 00:00:00
CVE-2020-0030
2020-02-13 00:00:00
exploitdb
exploitdb
Android Binder - Use-After-Free (Metasploit)
2020-02-24 00:00:00
Android - Binder Driver Use-After-Free
2019-10-04 00:00:00
cisa_kev
cisa_kev
Android Kernel Out-of-Bounds Write Vulnerability
2021-11-03 00:00:00
Mediatek Multiple Chipsets Insufficient Input Validation Vulnerability
2021-11-03 00:00:00
Android Kernel Use-After-Free Vulnerability
2021-11-03 00:00:00
trendmicroblog
trendmicroblog
This Week in Security News: INTERPOL Collaboration Reduces Cryptojacking by 78% and Three Malicious Apps Found on Google Play May be Linked to SideWinder APT Group
2020-01-10 13:37:59
qualysblog
qualysblog
Expand Your Vulnerability & Patch Management Program to Mobile Devices with Qualys VMDR
2021-02-10 21:17:00
androidsecurity
androidsecurity
Pixel Update Bulletinβ€”October 2019
2019-10-07 00:00:00
fireeye
fireeye
Zero-Day Exploitation Increasingly Demonstrates Access to Money, Rather than Skill β€” Intelligence for Vulnerability Management, Part One
2020-04-06 00:00:00
impervablog
impervablog
The State of Vulnerabilities in 2019
2020-01-23 08:56:58
github
github
Pwning the all Google phone with a non-Google bug
2023-01-23 15:05:19
ubuntu
ubuntu
Linux kernel vulnerability
2019-11-13 00:00:00
Linux kernel vulnerabilities
2019-11-13 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-4186-1)
2019-11-13 00:00:00
Slackware: Security Advisory (SSA:2019-311-01)
2022-04-21 00:00:00
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-2693)
2020-01-23 00:00:00
nessus
nessus
Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-4186-1)
2019-11-13 00:00:00
Slackware 14.2 : Slackware 14.2 kernel (SSA:2019-311-01)
2019-11-08 00:00:00
EulerOS 2.0 SP5 : kernel (EulerOS-SA-2019-2693)
2019-12-23 00:00:00
slackware
slackware
[slackware-security] Slackware 14.2 kernel
2019-11-07 22:31:40
debian
debian
[SECURITY] [DLA 2068-1] linux security update
2020-01-18 04:38:12
[SECURITY] [DLA 2114-1] linux-4.9 security update
2020-03-02 18:14:56
osv
osv
linux - security update
2020-01-17 00:00:00
linux-4.9 - security update
2020-02-21 00:00:00

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.003 Low

EPSS

Percentile

69.7%

JSON
Related for HUAWEI-SA-20191030-01-BINDER
checkpoint_advisories1debiancve1cvelist1threatpost6cve1githubexploit10metasploit1exploitpack1thn6packetstorm2zdt2prion1symantec1attackerkb1nvd1googleprojectzero5redhatcve1ubuntucve2exploitdb2cisa_kev3trendmicroblog1qualysblog1androidsecurity1fireeye1impervablog1github1ubuntu2openvas7nessus7slackware1debian2osv2