CVE-2019-2000

In several functions of binder.c, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-120025789.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
linux-aws	18.10 cosmic	Not affected
	18.04 LTS bionic	Not affected
	16.04 LTS xenial	Not affected
	14.04 LTS trusty	Not affected
linux-azure	18.10 cosmic	Not affected
	18.04 LTS bionic	Not affected
	16.04 LTS xenial	Fixed 4.15.0-1013.13~16.04.2
	14.04 LTS trusty	Not affected
linux-flo	18.10 cosmic	Not in release
	18.04 LTS bionic	Not in release
	16.04 LTS xenial	Not in release
	14.04 LTS trusty	Not in release
linux-aws-hwe	18.10 cosmic	Not in release
	18.04 LTS bionic	Not in release
	16.04 LTS xenial	Not affected
	14.04 LTS trusty	Not in release
linux-azure-edge	18.10 cosmic	Not in release
	18.04 LTS bionic	Not affected
	16.04 LTS xenial	Fixed 4.15.0-1013.13~16.04.2
	14.04 LTS trusty	Not in release
linux	18.10 cosmic	Not affected
	18.04 LTS bionic	Not affected
	16.04 LTS xenial	Not affected
	14.04 LTS trusty	Not affected
linux-euclid	18.10 cosmic	Not in release
	18.04 LTS bionic	Not in release
	16.04 LTS xenial	Not in release
	14.04 LTS trusty	Not in release
linux-gcp	18.10 cosmic	Not affected
	18.04 LTS bionic	Not affected
	16.04 LTS xenial	Fixed 4.15.0-1014.14~16.04.1
	14.04 LTS trusty	Not in release
linux-gcp-edge	18.10 cosmic	Not in release
	18.04 LTS bionic	Not affected
	16.04 LTS xenial	Not in release
	14.04 LTS trusty	Not in release
linux-gke	18.10 cosmic	Not in release
	18.04 LTS bionic	Not affected
	16.04 LTS xenial	Ignored end of standard support
	14.04 LTS trusty	Not in release
linux-goldfish	18.10 cosmic	Not in release
	18.04 LTS bionic	Not in release
	16.04 LTS xenial	Not in release
	14.04 LTS trusty	Not in release
linux-grouper	18.10 cosmic	Not in release
	18.04 LTS bionic	Not in release
	16.04 LTS xenial	Not in release
	14.04 LTS trusty	Not in release
linux-hwe	18.10 cosmic	Not in release
	18.04 LTS bionic	Not affected
	16.04 LTS xenial	Fixed 4.15.0-24.26~16.04.1
	14.04 LTS trusty	Not in release
linux-hwe-edge	18.10 cosmic	Not in release
	18.04 LTS bionic	Not affected
	16.04 LTS xenial	Fixed 4.15.0-24.26~16.04.1
	14.04 LTS trusty	Not in release
linux-kvm	18.10 cosmic	Not affected
	18.04 LTS bionic	Not affected
	16.04 LTS xenial	Not affected
	14.04 LTS trusty	Not in release
linux-lts-trusty	18.10 cosmic	Not in release
	18.04 LTS bionic	Not in release
	16.04 LTS xenial	Not in release
	14.04 LTS trusty	Not in release
linux-lts-utopic	18.10 cosmic	Not in release
	18.04 LTS bionic	Not in release
	16.04 LTS xenial	Not in release
	14.04 LTS trusty	Not in release
linux-lts-vivid	18.10 cosmic	Not in release
	18.04 LTS bionic	Not in release
	16.04 LTS xenial	Not in release
	14.04 LTS trusty	Not in release
linux-lts-wily	18.10 cosmic	Not in release
	18.04 LTS bionic	Not in release
	16.04 LTS xenial	Not in release
	14.04 LTS trusty	Not in release
linux-lts-xenial	18.10 cosmic	Not in release
	18.04 LTS bionic	Not in release
	16.04 LTS xenial	Not in release
	14.04 LTS trusty	Not affected
linux-maguro	18.10 cosmic	Not in release
	18.04 LTS bionic	Not in release
	16.04 LTS xenial	Not in release
	14.04 LTS trusty	Not in release
linux-mako	18.10 cosmic	Not in release
	18.04 LTS bionic	Not in release
	16.04 LTS xenial	Not in release
	14.04 LTS trusty	Not in release
linux-manta	18.10 cosmic	Not in release
	18.04 LTS bionic	Not in release
	16.04 LTS xenial	Not in release
	14.04 LTS trusty	Not in release
linux-oem	18.10 cosmic	Not affected
	18.04 LTS bionic	Not affected
	16.04 LTS xenial	Ignored end of standard support, was needed
	14.04 LTS trusty	Not in release
linux-oracle	18.10 cosmic	Not affected
	18.04 LTS bionic	Not affected
	16.04 LTS xenial	Not affected
	14.04 LTS trusty	Not in release
linux-raspi2	18.10 cosmic	Not affected
	18.04 LTS bionic	Not affected
	16.04 LTS xenial	Not affected
	14.04 LTS trusty	Not in release
linux-snapdragon	18.10 cosmic	Not in release
	18.04 LTS bionic	Not affected
	16.04 LTS xenial	Not affected
	14.04 LTS trusty	Not in release

Notes

tyhicks

As of 2019-04-09, there's not enough public information about this issue to know whether or not if affects the upstream Linux kernel.

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
linux	Introduced by 19c9872, fixed by 7f3dc00

Severity score breakdown

Parameter	Value
Base score	7.8 · High
Attack vector	Local
Attack complexity	Low
Privileges required	Low
User interaction	None
Scope	Unchanged
Confidentiality	High
Integrity impact	High
Availability impact	High
Vector	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Cvss 3 Severity Score

Status

Notes

tyhicks

Patch details

Severity score breakdown

References

Other references