Vulnerabilities > CVE-2019-2025 - Use After Free vulnerability in Google Android

047910
CVSS 7.2 - HIGH
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
local
low complexity
google
CWE-416
exploit available

Summary

In binder_thread_read of binder.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-116855682References: Upstream kernel

Vulnerable Configurations

Part Description Count
OS
Google
1

Common Weakness Enumeration (CWE)

Exploit-Db

idEDB-ID:46503
last seen2019-03-06
modified2019-03-06
published2019-03-06
reporterExploit-DB
sourcehttps://www.exploit-db.com/download/46503
titleAndroid - binder Use-After-Free via racy Initialization of ->allow_user_free