VDB

CVE-2019-2025

CVE-2019-2025 PUBLISHED

In binder_thread_read of binder.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-116855682References: Upstream kernel

EPSS 0.19% · 40.5th percentile

Risk Scores

EPSS Score
0.19%
40.5th percentile

Affected Products

VendorProductVersions
Ubuntu:Pro:FIPS:18.04:LTSlinux-azure-fips4.15.0-1002.2, 0
Ubuntu:Pro:FIPS:18.04:LTSlinux-gcp-fips0, 4.15.0-1001.1
Ubuntu:20.04:LTSlinux-raspi25.3.0-1007.8, 0, 5.3.0-1014.16
Ubuntu:20.04:LTSlinux-gke5.4.0-1065.68, 5.4.0-1067.70, 5.4.0-1068.71
Ubuntu:22.04:LTSlinux-riscv0, 5.13.0-1004.4, 5.13.0-1006.6+22.04.1
Ubuntu:24.04:LTSlinux-raspi-realtime6.8.0-2019.20, 0
Ubuntu:20.04:LTSlinux-azure-fde*, 5.4.0-1064.67+cvm1.1, 5.4.0-1065.68+cvm2.1
Ubuntu:22.04:LTSlinux-intel-iot-realtime0, 5.15.0-1073.75
Ubuntu:20.04:LTSlinux-riscv5.4.0-26.30, 5.4.0-27.31, 5.4.0-24.28
Ubuntu:Pro:FIPS:18.04:LTSlinux-aws-fips4.15.0-2000.4, 0
Ubuntu:Pro:FIPS-updates:18.04:LTSlinux-azure-fips4.15.0-1002.2, 0
Ubuntu:22.04:LTSlinux-realtime0, 5.15.0-1032.35
Ubuntu:Pro:FIPS-updates:18.04:LTSlinux-aws-fips0, 4.15.0-2000.4

Timeline

  • Mar 5, 2019 CVE Published
  • Mar 6, 2019 PoC Published
  • Mar 6, 2019 PoC Published
  • Apr 14, 2021 EPSS Score
  • Jun 22, 2021 EPSS Score
  • Aug 24, 2021 EPSS Score
  • Oct 25, 2021 EPSS Score
  • Dec 27, 2021 EPSS Score
  • Feb 27, 2022 EPSS Score
  • Apr 1, 2022 EPSS Score
  • May 1, 2022 EPSS Score
  • Jul 2, 2022 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›