CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2019-1999

In binder_alloc_free_page of binder_alloc.c, there is a possible double free due to improper locking. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-120025196.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 40.5%

CVSS Severity

CVSS v3 Score 7.8

CVSS v2 Score 7.2

References

http://www.securityfocus.com/bid/106851
https://seclists.org/bugtraq/2019/Aug/13
https://source.android.com/security/bulletin/2019-02-01
https://usn.ubuntu.com/3979-1/
https://www.debian.org/security/2019/dsa-4495
https://www.exploit-db.com/exploits/46357/
http://www.securityfocus.com/bid/106851
https://seclists.org/bugtraq/2019/Aug/13
https://source.android.com/security/bulletin/2019-02-01
https://usn.ubuntu.com/3979-1/
https://www.debian.org/security/2019/dsa-4495
https://www.exploit-db.com/exploits/46357/

Products affected by CVE-2019-1999

Canonical » Ubuntu Linux » Version: 19.04

cpe:2.3:o:canonical:ubuntu_linux:19.04
Debian » Debian Linux » Version: 10.0

cpe:2.3:o:debian:debian_linux:10.0
Debian » Debian Linux » Version: 9.0

cpe:2.3:o:debian:debian_linux:9.0
Google » Android » Version: N/A

cpe:2.3:o:google:android:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-1999

Products

Pricing

Contact Us