Description
In binder_alloc_free_page of binder_alloc.c, there is a possible double free due to improper locking. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-120025196.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Google Security Research · textdosandroid
https://www.exploit-db.com/exploits/46357
References (6)
Core 6
Core References
Broken Link vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/106851
Vendor Advisory x_refsource_confirm
https://source.android.com/security/bulletin/2019-02-01
Exploit, Third Party Advisory, VDB Entry exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/46357/
Third Party Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/3979-1/
Third Party Advisory vendor-advisory
x_refsource_debian
https://www.debian.org/security/2019/dsa-4495
Mailing List, Third Party Advisory mailing-list
x_refsource_bugtraq
https://seclists.org/bugtraq/2019/Aug/13
Scores
CVSS v3
7.8
EPSS
0.0060
EPSS Percentile
69.7%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-415
Status
published
Products (4)
canonical/ubuntu_linux
19.04
debian/debian_linux
9.0
debian/debian_linux
10.0
google/android
Published
Feb 28, 2019
Tracked Since
Feb 18, 2026