VDB
CVE-2019-2215
CVE-2019-2215
PUBLISHED
KEV
A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interaction is required to exploit this vulnerability, however exploitation does require either the installation of a malicious local application or a separate vulnerability in a network facing application.Product: AndroidAndroid ID: A-141720095
EPSS 51.47% · 97.9th percentile
Risk Scores
EPSS Score
51.47%
97.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:20.04:LTS | linux-riscv | 0, 5.4.0-31.35, 5.4.0-33.37 |
| Ubuntu:24.04:LTS | linux-raspi-realtime | 6.8.0-2019.20, 0 |
| Ubuntu:22.04:LTS | linux-realtime | 0, 5.15.0-1032.35 |
| Ubuntu:16.04:LTS | linux-azure | 4.11.0-1014.14, 0, 4.13.0-1007.9 |
| Ubuntu:Pro:FIPS:16.04:LTS | linux-fips | 4.4.0-1008.10, 4.4.0-1013.17, 4.4.0-1021.26 |
| Ubuntu:20.04:LTS | linux-gke | 5.4.0-1104.111, 5.4.0-1043.45, 5.4.0-1042.44 |
| Ubuntu:Pro:14.04:LTS | linux-lts-xenial | 4.4.0-142.168~14.04.1, 4.4.0-144.170~14.04.1, 4.4.0-146.172~14.04.1 |
| Ubuntu:22.04:LTS | linux-riscv | 5.15.0-1022.26, *, 5.13.0-1010.11+22.04.1 |
| Ubuntu:16.04:LTS | linux-gcp | 4.13.0-1017.21, 4.13.0-1019.23, 4.13.0-1013.17 |
| Ubuntu:16.04:LTS | linux-hwe-edge | 4.10.0-26.30~16.04.1, 4.10.0-22.24~16.04.1, 0 |
| Ubuntu:18.04:LTS | linux-snapdragon | 4.4.0-1077.82, 4.4.0-1078.83, 4.4.0-1079.84 |
| Ubuntu:16.04:LTS | linux-aws | 4.4.0-1073.83, 0, 4.4.0-1001.10 |
| Ubuntu:16.04:LTS | linux-hwe | *, *, * |
| Ubuntu:22.04:LTS | linux-intel-iot-realtime | 5.15.0-1073.75, 0 |
| Ubuntu:Pro:14.04:LTS | linux-aws | 4.4.0-1036.39, 4.4.0-1037.40, 4.4.0-1038.41 |
| Ubuntu:16.04:LTS | linux | 4.4.0-79.100, 0, 4.2.0-16.19 |
| Ubuntu:20.04:LTS | linux-azure-fde | 0, *, * |
| Ubuntu:16.04:LTS | linux-kvm | 4.4.0-1048.55, 4.4.0-1052.59, 4.4.0-1054.61 |
| Ubuntu:16.04:LTS | linux-raspi2 | 4.4.0-1070.78, 4.4.0-1055.62, 4.4.0-1057.64 |
| Ubuntu:16.04:LTS | linux-snapdragon | 4.4.0-1051.55, 4.4.0-1050.54, 4.4.0-1048.52 |
Exploit Intelligence
- mythicaltree/CVE-2019-2215 (github-poc-repo)
- mythicaltree/CVE-2019-2215 (github-poc-repo)
- mythicaltree/CVE-2019-2215 (github-poc-repo)
- mythicaltree/CVE-2019-2215 (github-poc-repo)
- mythicaltree/CVE-2019-2215 (github-poc-repo)
- mythicaltree/CVE-2019-2215 (github-poc-repo)
- mythicaltree/CVE-2019-2215 (github-poc-repo)
- mythicaltree/CVE-2019-2215 (github-poc)
- mythicaltree/CVE-2019-2215 (github-poc)
- mythicaltree/CVE-2019-2215 (github-poc)
…and 355 more exploits
Timeline
- Oct 4, 2019 PoC Published
- Oct 6, 2019 PoC Published
- Oct 8, 2019 CVE Published
- Feb 24, 2020 PoC Published
- Apr 14, 2021 EPSS Score
- Sep 16, 2021 EPSS Score
- Nov 3, 2021 CISA KEV Added
- Jul 26, 2024 EPSS Score
- Dec 17, 2024 EPSS Score
- Mar 21, 2025 EPSS Score
- Apr 18, 2025 EPSS Score
- May 11, 2025 PoC Published
References
- https://ubuntu.com/security/CVE-2019-2215 third-party-advisory
- https://source.android.com/security/bulletin/2019-10-01 third-party-advisory
- https://ubuntu.com/security/notices/USN-4186-1 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2019-2215 third-party-advisory
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog third-party-advisory