CVE-2019-2215

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://source.android.com/security/bulletin/2019-10-01", "name": "https://source.android.com/security/bulletin/2019-10-01", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://seclists.org/fulldisclosure/2019/Oct/38", "name": "20191018 CVE 2019-2215 Android Binder Use After Free", "tags": [], "refsource": "FULLDISC"}, {"url": "http://packetstormsecurity.com/files/154911/Android-Binder-Use-After-Free.html", "name": "http://packetstormsecurity.com/files/154911/Android-Binder-Use-After-Free.html", "tags": [], "refsource": "MISC"}, {"url": "https://security.netapp.com/advisory/ntap-20191031-0005/", "name": "https://security.netapp.com/advisory/ntap-20191031-0005/", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191030-01-binder-en", "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191030-01-binder-en", "tags": [], "refsource": "CONFIRM"}, {"url": "https://seclists.org/bugtraq/2019/Nov/11", "name": "20191108 [slackware-security] Slackware 14.2 kernel (SSA:2019-311-01)", "tags": [], "refsource": "BUGTRAQ"}, {"url": "http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html", "name": "http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html", "tags": [], "refsource": "MISC"}, {"url": "https://usn.ubuntu.com/4186-1/", "name": "USN-4186-1", "tags": [], "refsource": "UBUNTU"}, {"url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html", "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update", "tags": [], "refsource": "MLIST"}, {"url": "http://packetstormsecurity.com/files/156495/Android-Binder-Use-After-Free.html", "name": "http://packetstormsecurity.com/files/156495/Android-Binder-Use-After-Free.html", "tags": [], "refsource": "MISC"}, {"url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html", "name": "[debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update", "tags": [], "refsource": "MLIST"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interaction is required to exploit this vulnerability, however exploitation does require either the installation of a malicious local application or a separate vulnerability in a network facing application.Product: AndroidAndroid ID: A-141720095"}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-416"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2019-2215", "ASSIGNER": "security@android.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 4.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "acInsufInfo": false, "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}}, "publishedDate": "2019-10-11T19:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2019-10-18T19:15Z"}