CISA KEV 정보
| 취약점명 | Android Kernel Use-After-Free Vulnerability |
|---|---|
| 설명 | Android Kernel contains a use-after-free vulnerability in binder.c that allows for privilege escalation from an application to the Linux Kernel. This vulnerability was observed chained with CVE-2020-0041 and CVE-2020-0069 under exploit chain "AbstractEmu." |
| 조치사항 | Apply updates per vendor instructions. |
| 랜섬웨어 캠페인 악용 | Unknown |
| CWE | CWE-416 |
| 등록일 (KEV) | 2021-11-03 |
| 조치 기한 | 2022-05-03 |
| 추가 참고 | https://nvd.nist.gov/vuln/detail/CVE-2019-2215 |
NVD 상세 정보
CVSS v3.1: 7.8 HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HCVSS v2.0: 4.6
AV:L/AC:L/Au:N/C:P/I:P/A:P설명: A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interaction is required to exploit this vulnerability, however exploitation does require either the installation of a malicious local application or a separate vulnerability in a network facing application.Product: AndroidAndroid ID: A-141720095
CWE: CWE-416 | CWE-416
참조
- http://packetstormsecurity.com/files/154911/Android-Binder-Use-After-Free.html [Exploit, Third Party Advisory, VDB Entry]
- http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html [Patch, Third Party Advisory, VDB Entry]
- http://packetstormsecurity.com/files/156495/Android-Binder-Use-After-Free.html [Exploit, Third Party Advisory, VDB Entry]
- http://seclists.org/fulldisclosure/2019/Oct/38 [Mailing List, Third Party Advisory]
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191030-01-binder-en [Third Party Advisory]
- https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html [Mailing List, Third Party Advisory]
- https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html [Mailing List, Third Party Advisory]
- https://seclists.org/bugtraq/2019/Nov/11 [Mailing List, Patch, Third Party Advisory]
- https://security.netapp.com/advisory/ntap-20191031-0005/ [Third Party Advisory]
- https://source.android.com/security/bulletin/2019-10-01 [Vendor Advisory]
- https://usn.ubuntu.com/4186-1/ [Third Party Advisory]
- http://packetstormsecurity.com/files/154911/Android-Binder-Use-After-Free.html [Exploit, Third Party Advisory, VDB Entry]
- http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html [Patch, Third Party Advisory, VDB Entry]
- http://packetstormsecurity.com/files/156495/Android-Binder-Use-After-Free.html [Exploit, Third Party Advisory, VDB Entry]
- http://seclists.org/fulldisclosure/2019/Oct/38 [Mailing List, Third Party Advisory]
- ... 외 8건
This product uses the NVD API but is not endorsed or certified by the NVD.