IRONSMITHINTEL
HIGH | CVSS 7.8 | Actively Exploited | CISA KEV | CVE-2019-2215 | Auth: low — authenticated user | Reboot: required | Manual only

Android Kernel Use-After-Free Vulnerability

Android Kernel contains a use-after-free vulnerability in binder.c that allows for privilege escalation from an application to the Linux Kernel. This vulnerability was observed chained with CVE-2020-0041 and CVE-2020-0069 under exploit chain "AbstractEmu."

Published Oct 11, 2019 · Updated May 16, 2026
Why patch: Risk explained in plain English
Worst-case scenario: If unpatched

A local attacker with a low-privilege account can cause full loss of data confidentiality, arbitrary modification of data, and complete denial of service or system unavailability. Federal agencies are required to remediate by 2022-05-03 under CISA BOD 22-01.

How the attack works: No clicks needed

This is a Use After Free (CWE-416) vulnerability in the Android Kernel. A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interaction is required to exploit this vulnerability; however, exploitation does require either the installation of a malicious local application or a separate vulnerability in a network-facing application. Product: Android. Android ID: A-141720095. Exploitation requires local access, low attack complexity, a low-privilege authenticated account, and no user interaction.

Am I affected? Quick check

Probably yes if any of these apply:

IT Security
Running android: -; debian linux: 8.0; ubuntu linux: 16.04; cloud backup: -; data availability services: -; hci management node: -; service processor: -; solidfire: -; steelstore cloud integrated storage: -; solidfire baseboard management controller firmware: -; aff baseboard management controller firmware: -; a320 firmware: -; c190 firmware: -; a220 firmware: -; fas2720 firmware: -; fas2750 firmware: -; a800 firmware: -; h300s firmware: -; h500s firmware: -; h700s firmware: -; h410s firmware: -; h410c firmware: -; h610s firmware: -; alp-al00b firmware: v < 10.0.0.162(c00e156r2p4); alp-tl00b firmware: v < 10.0.0.162(c01e156r1p4); anne-al00 firmware: v < 9.1.0.126(c00e126r1p7t8); ares-al00b firmware: v < 9.1.0.165(c00e165r2p5t8); ares-al10d firmware: v < 9.1.0.165(c00e165r2p5t8); ares-tl00chw firmware: v < 8.2.0.163(c01r2p1); bla-al00b firmware: v < 10.0.0.170(c786e170r2p4); bla-l29c firmware: v < 9.1.0.300(c432e4r1p11t8); bla-tl00b firmware: v < 10.0.0.170(c01e170r1p4); barca-al00 firmware: v < 8.0.0.377(c00); berkeley-l09 firmware: v < 9.1.0.351(c432e5r1p13t8); berkeley-tl10 firmware: v < 9.1.0.333(c01e333r1p1t8); columbia-al00a firmware: v < 8.1.0.186(c00gt); columbia-l29d firmware: v < 9.1.0.325(c432e4r1p12t8); cornell-tl10b firmware: v < 9.1.0.321(c01e320r1p1t8); duke-l09i firmware: v < 9.0.1.171(c675e6r1p5t8); dura-al00a firmware: v < 1.0.0.190(c00); figo-al00a firmware: v < 9.1.0.130(c00e115r2p8t8); florida-al20b firmware: v < 9.1.0.128(c00e112r1p6t8); florida-l03 firmware: v < 9.1.0.154(c605e7r1p2t8); florida-l21 firmware: v < 9.1.0.154(c605e7r1p2t8); florida-l22 firmware: v < 9.1.0.150(c636e6r1p5t8); florida-tl10b firmware: v < 9.1.0.128(c01e112r1p6t8); mate rs firmware: 9.1.0.321(c786e320r1p1t8); p20 firmware: v < 9.1.0.312(c00e312r1p1t8); p20 lite firmware: v < 9.1.0.200(c605e4r1p3t8), v < 9.1.0.200(c635e5r1p1t8), v < 9.1.0.246(c432e6r1p7t8), v < 9.1.0.200(c636e4r1p5t8), v < 9.1.0.201(c636e4r1p5t8), v < 9.1.0.201(zafc185e4r1p8t8); y9 2019 firmware: v < 9.1.0.297(c605e4r1p1t8); nova 2s firmware: v < 9.1.0.210(c01e110r1p9t8); nova 3 firmware: v < 9.1.0.351(c00e351r1p1t8); nova 3e firmware: v < 9.1.0.200(c636e4r1p5t8), v < 9.1.0.201(c636e4r1p5t8), v < 9.1.0.201(zafc185e4r1p8t8); honor view 20 firmware: v < 10.1.0.214(c10e5r4p3); jakarta-al00a firmware: v < 9.1.0.260(c00e120r2p2); johnson-tl00d firmware: v < 9.1.0.219(c01e18r3p2t8); leland-al10b firmware: v < 9.1.0.130(c00e112r2p10t8); leland-l21a firmware: v < 9.1.0.156(c185e5r1p5t8); leland-l32a firmware: v < 9.1.0.153(c675e6r1p4t8); leland-tl10b firmware: v < 9.1.0.130(c01e112r2p10t8); leland-tl10c firmware: v < 9.1.0.130(c01e112r2p10t8); lelandp-al00c firmware: v < 9.1.0.130(c00e112r2p10t8); lelandp-l22c firmware: v < 9.1.0.156(c636e5r1p5t8); neo-al00d firmware: v < 9.1.0.321(c786e320r1p1t8); princeton-al10b firmware: v < 10.1.0.160(c00e160r2p11); rhone-al00 firmware: v < 8.0.0.376(c00); stanford-l09 firmware: v < 9.1.0.211(c635e2r1p4t8); stanford-l09s firmware: v < 9.1.0.210(c432e2r1p5t8); sydney-al00 firmware: v < 9.1.0.212(c00e62r1p7t8); sydney-tl00 firmware: v < 9.1.0.212(c01e62r1p7t8); sydneym-al00 firmware: v < 9.1.0.212(c00e62r1p7t8); tony-al00b firmware: v < 10.0.0.175(c00e59r2p11); tony-tl00b firmware: v < 10.0.0.175(c01e59r2p11); yale-al00a firmware: v < 10.1.0.160(c00e160r8p12); yale-l21a firmware: v < 10.1.0.231(c10e3r3p2); yale-tl00b firmware: v < 10.1.0.160(c01e160r8p12); honor 9i firmware: v < 9.1.0.130(c00e112r2p10t8)
Real-world incidents: What we've seen

Active exploitation documented in the wild. Threat-research write-up: http://packetstormsecurity.com/files/154911/Android-Binder-Use-After-Free.html

How to patch

Manual remediation steps

Apply the Vendor Patch

This vulnerability is in the CISA Known Exploited Vulnerabilities catalog — apply the vendor's security update as soon as possible.

CISA required action: Apply updates per vendor instructions.

References

    1. Vendor advisory: http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
    2. NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2019-2215
    3. CISA KEV: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-2215