CVE-2019-2215
Android Kernel Use-After-Free Vulnerability
CVSS 3.1: 7.8 HIGH
⚠ KEV
EPSS 51.5%
Description
A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interaction is required to exploit this vulnerability, however exploitation does require either the installation of a malicious local application or a separate vulnerability in a network-facing application.
Product: Android
Android ID: A-141720095
How to fix CVE-2019-2215
To remediate CVE-2019-2215, upgrade the affected package to a fixed version below.
- —upgrade to 4.15.4-1 or later
Is CVE-2019-2215 being exploited?
Yes — CVE-2019-2215 is on the CISA Known Exploited Vulnerabilities (KEV) catalog. Patch immediately.
Affected packages (1)
- from 0, < 4.15.4-1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 7.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |