Vulnerabilities > CVE-2019-2000 - Use After Free vulnerability in Google Android

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

google

CWE-416

exploit available

NVD

Published: 2019-02-28

Updated: 2024-11-21

Summary

In several functions of binder.c, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-120025789.

Vulnerable Configurations

Part	Description	Count
OS	Google Google Android -	1

Common Weakness Enumeration (CWE)

CWE-416 - Use After Free

Exploit-Db

file	exploits/android/dos/46356.txt
id	EDB-ID:46356
last seen	2019-02-12
modified	2019-02-12
platform	android
port
published	2019-02-12
reporter	Exploit-DB
source	https://www.exploit-db.com/download/46356
title	Android - binder Use-After-Free via fdget() Optimization
type	dos

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Exploit-Db

References