Known Exploited Vulnerability
7.8
HIGH
CVE-2019-2215
Android Kernel Use-After-Free Vulnerability - [Actively Exploited]
Description

A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interaction is required to exploit this vulnerability, however exploitation does require either the installation of a malicious local application or a separate vulnerability in a network facing application.Product: AndroidAndroid ID: A-141720095

INFO

Published Date :

Oct. 11, 2019, 7:15 p.m.

Last Modified :

July 25, 2024, 2:10 p.m.

Source :

[email protected]

Remotely Exploitable :

No

Impact Score :

5.9

Exploitability Score :

1.8
CISA Notification
CISA KEV (Known Exploited Vulnerabilities)

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild.

Description :

Android Kernel contains a use-after-free vulnerability in binder.c that allows for privilege escalation from an application to the Linux Kernel. This vulnerability was observed chained with CVE-2020-0041 and CVE-2020-0069 under exploit chain "AbstractEmu."

Required Action :

Apply updates per vendor instructions.

Public PoC/Exploit Available at Github

CVE-2019-2215 has a 56 public PoC/Exploit available at Github. Go to the Public Exploits tab to see the list.

Affected Products

The following products are affected by CVE-2019-2215 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Huawei mate_rs_firmware
2 Huawei yale-l21a_firmware
3 Huawei lelandp-l22c_firmware
4 Huawei rhone-al00_firmware
5 Huawei stanford-l09s_firmware
6 Huawei y9_2019_firmware
7 Huawei p20_firmware
8 Huawei alp-al00b_firmware
9 Huawei bla-l29c_firmware
10 Huawei berkeley-l09_firmware
11 Huawei columbia-l29d_firmware
12 Huawei honor_view_20_firmware
13 Huawei sydney-al00_firmware
14 Huawei sydneym-al00_firmware
15 Huawei ares-al00b_firmware
16 Huawei ares-al10d_firmware
17 Huawei bla-al00b_firmware
18 Huawei bla-tl00b_firmware
19 Huawei barca-al00_firmware
20 Huawei berkeley-tl10_firmware
21 Huawei cornell-tl10b_firmware
22 Huawei dura-al00a_firmware
23 Huawei florida-al20b_firmware
24 Huawei florida-l21_firmware
25 Huawei florida-l22_firmware
26 Huawei florida-tl10b_firmware
27 Huawei nova_3_firmware
28 Huawei jakarta-al00a_firmware
29 Huawei johnson-tl00d_firmware
30 Huawei leland-l21a_firmware
31 Huawei leland-l32a_firmware
32 Huawei leland-tl10b_firmware
33 Huawei leland-tl10c_firmware
34 Huawei lelandp-al00c_firmware
35 Huawei neo-al00d_firmware
36 Huawei princeton-al10b_firmware
37 Huawei sydney-tl00_firmware
38 Huawei tony-al00b_firmware
39 Huawei tony-tl00b_firmware
40 Huawei yale-al00a_firmware
41 Huawei yale-tl00b_firmware
42 Huawei anne-al00_firmware
43 Huawei florida-l03_firmware
44 Huawei p20_lite_firmware
45 Huawei nova_3e_firmware
46 Huawei honor_9i_firmware
47 Huawei alp-tl00b_firmware
48 Huawei alp-al00b
49 Huawei alp-tl00b
50 Huawei anne-al00
51 Huawei ares-al00b
52 Huawei ares-al10d
53 Huawei ares-tl00chw_firmware
54 Huawei ares-tl00chw
55 Huawei bla-al00b
56 Huawei bla-l29c
57 Huawei bla-tl00b
58 Huawei barca-al00
59 Huawei berkeley-l09
60 Huawei berkeley-tl10
61 Huawei columbia-al00a_firmware
62 Huawei columbia-al00a
63 Huawei columbia-l29d
64 Huawei cornell-tl10b
65 Huawei duke-l09i_firmware
66 Huawei duke-l09i
67 Huawei dura-al00a
68 Huawei figo-al00a_firmware
69 Huawei figo-al00a
70 Huawei florida-al20b
71 Huawei florida-l03
72 Huawei florida-l21
73 Huawei florida-l22
74 Huawei florida-tl10b
75 Huawei mate_rs
76 Huawei p20
77 Huawei p20_lite
78 Huawei y9_2019
79 Huawei nova_2s_firmware
80 Huawei nova_2s
81 Huawei nova_3
82 Huawei nova_3e
83 Huawei honor_view_20
84 Huawei jakarta-al00a
85 Huawei johnson-tl00d
86 Huawei leland-al10b_firmware
87 Huawei leland-al10b
88 Huawei leland-l21a
89 Huawei leland-l32a
90 Huawei leland-tl10b
91 Huawei leland-tl10c
92 Huawei lelandp-al00c
93 Huawei lelandp-l22c
94 Huawei neo-al00d
95 Huawei princeton-al10b
96 Huawei rhone-al00
97 Huawei stanford-l09_firmware
98 Huawei stanford-l09
99 Huawei stanford-l09s
100 Huawei sydney-al00
101 Huawei sydney-tl00
102 Huawei sydneym-al00
103 Huawei tony-al00b
104 Huawei tony-tl00b
105 Huawei yale-al00a
106 Huawei yale-l21a
107 Huawei yale-tl00b
108 Huawei honor_9i
1 Netapp solidfire_baseboard_management_controller_firmware
2 Netapp h410c_firmware
3 Netapp cloud_backup
4 Netapp hci_management_node
5 Netapp solidfire
6 Netapp steelstore_cloud_integrated_storage
7 Netapp h300s_firmware
8 Netapp h500s_firmware
9 Netapp h700s_firmware
10 Netapp h410s_firmware
11 Netapp solidfire_baseboard_management_controller
12 Netapp service_processor
13 Netapp h610s_firmware
14 Netapp data_availability_services
15 Netapp h300s
16 Netapp h410s
17 Netapp h500s
18 Netapp h700s
19 Netapp h410c
20 Netapp aff_baseboard_management_controller
21 Netapp a320_firmware
22 Netapp c190_firmware
23 Netapp a220_firmware
24 Netapp fas2720_firmware
25 Netapp fas2750_firmware
26 Netapp a800_firmware
27 Netapp aff_baseboard_management_controller_firmware
28 Netapp h610s
29 Netapp a320
30 Netapp c190
31 Netapp a220
32 Netapp fas2720
33 Netapp fas2750
34 Netapp a800
1 Google android
1 Canonical ubuntu_linux
1 Debian debian_linux
: Total Affected Vendor : 5 | Products : 145
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2019-2215.

URL Resource
http://packetstormsecurity.com/files/154911/Android-Binder-Use-After-Free.html Exploit Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html Patch Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/156495/Android-Binder-Use-After-Free.html Exploit Third Party Advisory VDB Entry
http://seclists.org/fulldisclosure/2019/Oct/38 Mailing List Third Party Advisory
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191030-01-binder-en Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html Mailing List Third Party Advisory
https://seclists.org/bugtraq/2019/Nov/11 Mailing List Patch Third Party Advisory
https://security.netapp.com/advisory/ntap-20191031-0005/ Third Party Advisory
https://source.android.com/security/bulletin/2019-10-01 Vendor Advisory
https://usn.ubuntu.com/4186-1/ Third Party Advisory

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Profile Photo
Clock-Skew/EndPointX

EndPointX is a tool designed to automate the process of decompiling APKs and extracting endpoints.

android automation binder endpoints inter-process-communication java osint recon reverse-engineering smali

Shell

Updated: 1 month, 2 weeks ago
0 stars 0 fork 0 watcher
Born at : Aug. 8, 2024, 5:08 p.m. This repo has been linked 5 different CVEs too.
Profile Photo
raymontag/CVE-2019-2215

None

Makefile C

Updated: 3 months, 2 weeks ago
0 stars 0 fork 0 watcher
Born at : July 2, 2024, 10:35 a.m. This repo has been linked 1 different CVEs too.
Profile Photo
R0rt1z2/huawei-unlock

Unlock your Huawei device with ADB (CVE-2019-2215)

Makefile C

Updated: 2 months, 3 weeks ago
4 stars 4 fork 4 watcher
Born at : May 20, 2024, 10:58 a.m. This repo has been linked 1 different CVEs too.
Profile Photo
mutur4/CVE-2019-2215

This is a critical UAF vulnerability exploit that affected the android binder IPC system used in the wild and discovered by P0

C

Updated: 1 month, 2 weeks ago
1 stars 0 fork 0 watcher
Born at : April 15, 2024, 6:40 a.m. This repo has been linked 1 different CVEs too.
Profile Photo
willboka/CVE-2019-2215-HuaweiP20Lite

Exploit for CVE-2019-2215 (bad binder) for Huawei P20 Lite

Makefile C

Updated: 8 months, 1 week ago
0 stars 0 fork 0 watcher
Born at : Feb. 4, 2024, 4:08 p.m. This repo has been linked 1 different CVEs too.
Profile Photo
su-vikas/Mobile-Attack-Vectors

mobile attack vectors and resources

Updated: 7 months ago
2 stars 0 fork 0 watcher
Born at : Nov. 17, 2023, 10:40 a.m. This repo has been linked 1 different CVEs too.
Profile Photo
stevejubx/CVE-2019-2215

Android Kernel Vulnerability (CVE-2019-2215) temporary root PoC

Makefile C

Updated: 1 month, 3 weeks ago
8 stars 4 fork 4 watcher
Born at : Nov. 5, 2023, 2:32 p.m. This repo has been linked 1 different CVEs too.
Profile Photo
ProbiusOfficial/Awsome-Sec.CTF-Videomaker

【Hello CTF】收录国内网络安全以及CTF领域的优秀视频作者

Python

Updated: 1 month, 1 week ago
164 stars 15 fork 15 watcher
Born at : Oct. 4, 2023, 8:20 p.m. This repo has been linked 13 different CVEs too.
Profile Photo
IamAlch3mist/Awesome-Android-Vulnerability-Research

None

Updated: 1 month, 2 weeks ago
9 stars 0 fork 0 watcher
Born at : Sept. 4, 2023, 7 a.m. This repo has been linked 3 different CVEs too.
Profile Photo
themmokhtar/CVE-2020-0022

A fully public exploit of the CVE-2020-0022 BlueFrag Android RCE Vulnerability (tested on Pixel 3 XL)

aarch64 android arm64 attack bluetooth bluetooth-low-energy bluez exploit exploitation rce rce-exploit research security vulnerability

Makefile C Java C++

Updated: 5 months, 2 weeks ago
10 stars 4 fork 4 watcher
Born at : Aug. 28, 2023, 9:20 a.m. This repo has been linked 2 different CVEs too.
Profile Photo
elbiazo/CVE-2019-2215

Exploit for Bad Binder

Makefile C++

Updated: 9 months, 3 weeks ago
1 stars 0 fork 0 watcher
Born at : May 27, 2023, 8:12 p.m. This repo has been linked 1 different CVEs too.
Profile Photo
enceka/1

None

Makefile Shell Java C

Updated: 1 year, 5 months ago
0 stars 0 fork 0 watcher
Born at : May 15, 2023, 11:08 a.m. This repo has been linked 1 different CVEs too.
Profile Photo
GiorgosXou/Our-Xiaomi-Redmi-5A-riva-debloating-list

A "Xiaomi Redmi 5A (riva)" debloating list for use within the "hexapterygon"-tool

Updated: 1 month, 2 weeks ago
1 stars 0 fork 0 watcher
Born at : April 26, 2023, 5:27 p.m. This repo has been linked 2 different CVEs too.
Profile Photo
Thehepta/android-jailbreak

None

Makefile CMake C++ C

Updated: 1 month, 1 week ago
42 stars 13 fork 13 watcher
Born at : March 28, 2023, 6:27 a.m. This repo has been linked 1 different CVEs too.
Profile Photo
ndk06/linux-kernel-exploitation

None

Updated: 1 month, 3 weeks ago
6 stars 0 fork 0 watcher
Born at : Feb. 25, 2023, 10:40 a.m. This repo has been linked 178 different CVEs too.

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2019-2215 vulnerability anywhere in the article.

The following table lists the changes that have been made to the CVE-2019-2215 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • Modified Analysis by [email protected]

    Jul. 25, 2024

    Action Type Old Value New Value
    Changed Reference Type http://packetstormsecurity.com/files/154911/Android-Binder-Use-After-Free.html No Types Assigned http://packetstormsecurity.com/files/154911/Android-Binder-Use-After-Free.html Exploit, Third Party Advisory, VDB Entry
    Changed Reference Type http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html No Types Assigned http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html Patch, Third Party Advisory, VDB Entry
    Changed Reference Type http://packetstormsecurity.com/files/156495/Android-Binder-Use-After-Free.html No Types Assigned http://packetstormsecurity.com/files/156495/Android-Binder-Use-After-Free.html Exploit, Third Party Advisory, VDB Entry
    Changed Reference Type http://seclists.org/fulldisclosure/2019/Oct/38 No Types Assigned http://seclists.org/fulldisclosure/2019/Oct/38 Mailing List, Third Party Advisory
    Changed Reference Type http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191030-01-binder-en No Types Assigned http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191030-01-binder-en Third Party Advisory
    Changed Reference Type https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html No Types Assigned https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html Mailing List, Third Party Advisory
    Changed Reference Type https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html No Types Assigned https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html Mailing List, Third Party Advisory
    Changed Reference Type https://seclists.org/bugtraq/2019/Nov/11 No Types Assigned https://seclists.org/bugtraq/2019/Nov/11 Mailing List, Patch, Third Party Advisory
    Changed Reference Type https://security.netapp.com/advisory/ntap-20191031-0005/ No Types Assigned https://security.netapp.com/advisory/ntap-20191031-0005/ Third Party Advisory
    Changed Reference Type https://usn.ubuntu.com/4186-1/ No Types Assigned https://usn.ubuntu.com/4186-1/ Third Party Advisory
    Added CPE Configuration OR *cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
    Added CPE Configuration OR *cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
    Added CPE Configuration OR *cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:* *cpe:2.3:a:netapp:data_availability_services:-:*:*:*:*:*:*:* *cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:* *cpe:2.3:a:netapp:service_processor:-:*:*:*:*:*:*:* *cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:* *cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:netapp:solidfire_baseboard_management_controller_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:netapp:solidfire_baseboard_management_controller:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:netapp:aff_baseboard_management_controller_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:netapp:aff_baseboard_management_controller:a700s:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:netapp:a320_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:netapp:a320:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:netapp:c190_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:netapp:c190:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:netapp:a220_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:netapp:a220:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:netapp:fas2720_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:netapp:fas2720:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:netapp:fas2750_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:netapp:fas2750:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:netapp:a800_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:netapp:a800:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:netapp:h610s:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:huawei:alp-al00b_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.0.162\(c00e156r2p4\) OR cpe:2.3:h:huawei:alp-al00b:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:huawei:alp-tl00b_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.0.162\(c01e156r1p4\) OR cpe:2.3:h:huawei:alp-tl00b:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:huawei:anne-al00_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 9.1.0.126\(c00e126r1p7t8\) OR cpe:2.3:h:huawei:anne-al00:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:huawei:ares-al00b_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 9.1.0.165\(c00e165r2p5t8\) OR cpe:2.3:h:huawei:ares-al00b:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:huawei:ares-al10d_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 9.1.0.165\(c00e165r2p5t8\) OR cpe:2.3:h:huawei:ares-al10d:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:huawei:ares-tl00chw_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 8.2.0.163\(c01r2p1\) OR cpe:2.3:h:huawei:ares-tl00chw:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:huawei:bla-al00b_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.0.170\(c786e170r2p4\) OR cpe:2.3:h:huawei:bla-al00b:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:huawei:bla-l29c_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 9.1.0.300\(c432e4r1p11t8\) OR cpe:2.3:h:huawei:bla-l29c:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:huawei:bla-tl00b_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.0.170\(c01e170r1p4\) OR cpe:2.3:h:huawei:bla-tl00b:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:huawei:barca-al00_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 8.0.0.377\(c00\) OR cpe:2.3:h:huawei:barca-al00:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:huawei:berkeley-l09_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 9.1.0.351\(c432e5r1p13t8\) OR cpe:2.3:h:huawei:berkeley-l09:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:huawei:berkeley-tl10_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 9.1.0.333\(c01e333r1p1t8\) OR cpe:2.3:h:huawei:berkeley-tl10:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:huawei:columbia-al00a_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 8.1.0.186\(c00gt\) OR cpe:2.3:h:huawei:columbia-al00a:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:huawei:columbia-l29d_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 9.1.0.325\(c432e4r1p12t8\) OR cpe:2.3:h:huawei:columbia-l29d:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:huawei:cornell-tl10b_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 9.1.0.321\(c01e320r1p1t8\) OR cpe:2.3:h:huawei:cornell-tl10b:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:huawei:duke-l09i_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 9.0.1.171\(c675e6r1p5t8\) OR cpe:2.3:h:huawei:duke-l09i:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:huawei:dura-al00a_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 1.0.0.190\(c00\) OR cpe:2.3:h:huawei:dura-al00a:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:huawei:figo-al00a_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 9.1.0.130\(c00e115r2p8t8\) OR cpe:2.3:h:huawei:figo-al00a:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:huawei:florida-al20b_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 9.1.0.128\(c00e112r1p6t8\) OR cpe:2.3:h:huawei:florida-al20b:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:huawei:florida-l03_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 9.1.0.154\(c605e7r1p2t8\) OR cpe:2.3:h:huawei:florida-l03:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:huawei:florida-l21_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 9.1.0.154\(c605e7r1p2t8\) OR cpe:2.3:h:huawei:florida-l21:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:huawei:florida-l22_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 9.1.0.150\(c636e6r1p5t8\) OR cpe:2.3:h:huawei:florida-l22:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:huawei:florida-tl10b_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 9.1.0.128\(c01e112r1p6t8\) OR cpe:2.3:h:huawei:florida-tl10b:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:huawei:mate_rs_firmware:9.1.0.321\(c786e320r1p1t8\):*:*:*:*:*:*:* OR cpe:2.3:h:huawei:mate_rs:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:huawei:p20_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 9.1.0.312\(c00e312r1p1t8\) OR cpe:2.3:h:huawei:p20:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:huawei:p20_lite_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 9.1.0.200\(c605e4r1p3t8\) OR cpe:2.3:h:huawei:p20_lite:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:huawei:p20_lite_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 9.1.0.200\(c635e5r1p1t8\) OR cpe:2.3:h:huawei:p20_lite:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:huawei:p20_lite_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 9.1.0.246\(c432e6r1p7t8\) OR cpe:2.3:h:huawei:p20_lite:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:huawei:y9_2019_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 9.1.0.297\(c605e4r1p1t8\) OR cpe:2.3:h:huawei:y9_2019:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:huawei:nova_2s_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 9.1.0.210\(c01e110r1p9t8\) OR cpe:2.3:h:huawei:nova_2s:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:huawei:nova_3_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 9.1.0.351\(c00e351r1p1t8\) OR cpe:2.3:h:huawei:nova_3:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:huawei:nova_3e_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 9.1.0.200\(c636e4r1p5t8\) OR cpe:2.3:h:huawei:nova_3e:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:huawei:p20_lite_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 9.1.0.200\(c636e4r1p5t8\) OR cpe:2.3:h:huawei:p20_lite:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:huawei:p20_lite_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 9.1.0.201\(c636e4r1p5t8\) OR cpe:2.3:h:huawei:p20_lite:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:huawei:nova_3e_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 9.1.0.201\(c636e4r1p5t8\) OR cpe:2.3:h:huawei:nova_3e:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:huawei:nova_3e_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 9.1.0.201\(zafc185e4r1p8t8\) OR cpe:2.3:h:huawei:nova_3e:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:huawei:p20_lite_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 9.1.0.201\(zafc185e4r1p8t8\) OR cpe:2.3:h:huawei:p20_lite:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:huawei:honor_view_20_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 10.1.0.214\(c10e5r4p3\) OR cpe:2.3:h:huawei:honor_view_20:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:huawei:jakarta-al00a_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 9.1.0.260\(c00e120r2p2\) OR cpe:2.3:h:huawei:jakarta-al00a:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:huawei:johnson-tl00d_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 9.1.0.219\(c01e18r3p2t8\) OR cpe:2.3:h:huawei:johnson-tl00d:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:huawei:leland-al10b_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 9.1.0.130\(c00e112r2p10t8\) OR cpe:2.3:h:huawei:leland-al10b:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:huawei:leland-l21a_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 9.1.0.156\(c185e5r1p5t8\) OR cpe:2.3:h:huawei:leland-l21a:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:huawei:leland-l32a_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 9.1.0.153\(c675e6r1p4t8\) OR cpe:2.3:h:huawei:leland-l32a:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:huawei:leland-tl10b_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 9.1.0.130\(c01e112r2p10t8\) OR cpe:2.3:h:huawei:leland-tl10b:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:huawei:leland-tl10c_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 9.1.0.130\(c01e112r2p10t8\) OR cpe:2.3:h:huawei:leland-tl10c:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:huawei:lelandp-al00c_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 9.1.0.130\(c00e112r2p10t8\) OR cpe:2.3:h:huawei:lelandp-al00c:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:huawei:lelandp-l22c_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 9.1.0.156\(c636e5r1p5t8\) OR cpe:2.3:h:huawei:lelandp-l22c:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:huawei:neo-al00d_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 9.1.0.321\(c786e320r1p1t8\) OR cpe:2.3:h:huawei:neo-al00d:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:huawei:princeton-al10b_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 10.1.0.160\(c00e160r2p11\) OR cpe:2.3:h:huawei:princeton-al10b:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:huawei:rhone-al00_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 8.0.0.376\(c00\) OR cpe:2.3:h:huawei:rhone-al00:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:huawei:stanford-l09_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 9.1.0.211\(c635e2r1p4t8\) OR cpe:2.3:h:huawei:stanford-l09:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:huawei:stanford-l09s_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 9.1.0.210\(c432e2r1p5t8\) OR cpe:2.3:h:huawei:stanford-l09s:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:huawei:sydney-al00_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 9.1.0.212\(c00e62r1p7t8\) OR cpe:2.3:h:huawei:sydney-al00:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:huawei:sydney-tl00_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 9.1.0.212\(c01e62r1p7t8\) OR cpe:2.3:h:huawei:sydney-tl00:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:huawei:sydneym-al00_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 9.1.0.212\(c00e62r1p7t8\) OR cpe:2.3:h:huawei:sydneym-al00:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:huawei:tony-al00b_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.0.175\(c00e59r2p11\) OR cpe:2.3:h:huawei:tony-al00b:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:huawei:tony-tl00b_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.0.175\(c01e59r2p11\) OR cpe:2.3:h:huawei:tony-tl00b:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:huawei:yale-al00a_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 10.1.0.160\(c00e160r8p12\) OR cpe:2.3:h:huawei:yale-al00a:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:huawei:yale-l21a_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 10.1.0.231\(c10e3r3p2\) OR cpe:2.3:h:huawei:yale-l21a:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:huawei:yale-tl00b_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 10.1.0.160\(c01e160r8p12\) OR cpe:2.3:h:huawei:yale-tl00b:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:huawei:honor_9i_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 9.1.0.130\(c00e112r2p10t8\) OR cpe:2.3:h:huawei:honor_9i:-:*:*:*:*:*:*:*
  • CVE Modified by [email protected]

    May. 14, 2024

    Action Type Old Value New Value
  • CVE Modified by [email protected]

    Mar. 02, 2020

    Action Type Old Value New Value
    Added Reference https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html [No Types Assigned]
  • CVE Modified by [email protected]

    Feb. 24, 2020

    Action Type Old Value New Value
    Added Reference http://packetstormsecurity.com/files/156495/Android-Binder-Use-After-Free.html [No Types Assigned]
  • CVE Modified by [email protected]

    Jan. 18, 2020

    Action Type Old Value New Value
    Added Reference https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html [No Types Assigned]
  • CVE Modified by [email protected]

    Nov. 13, 2019

    Action Type Old Value New Value
    Added Reference https://usn.ubuntu.com/4186-1/ [No Types Assigned]
  • CVE Modified by [email protected]

    Nov. 08, 2019

    Action Type Old Value New Value
    Added Reference http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html [No Types Assigned]
  • CVE Modified by [email protected]

    Nov. 08, 2019

    Action Type Old Value New Value
    Added Reference https://seclists.org/bugtraq/2019/Nov/11 [No Types Assigned]
  • CVE Modified by [email protected]

    Oct. 31, 2019

    Action Type Old Value New Value
    Added Reference http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191030-01-binder-en [No Types Assigned]
  • CVE Modified by [email protected]

    Oct. 31, 2019

    Action Type Old Value New Value
    Added Reference https://security.netapp.com/advisory/ntap-20191031-0005/ [No Types Assigned]
  • CVE Modified by [email protected]

    Oct. 19, 2019

    Action Type Old Value New Value
    Added Reference http://packetstormsecurity.com/files/154911/Android-Binder-Use-After-Free.html [No Types Assigned]
  • CVE Modified by [email protected]

    Oct. 18, 2019

    Action Type Old Value New Value
    Added Reference http://seclists.org/fulldisclosure/2019/Oct/38 [No Types Assigned]
  • Initial Analysis by [email protected]

    Oct. 16, 2019

    Action Type Old Value New Value
    Added CVSS V2 NIST (AV:L/AC:L/Au:N/C:P/I:P/A:P)
    Added CVSS V3.1 NIST AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    Changed Reference Type https://source.android.com/security/bulletin/2019-10-01 No Types Assigned https://source.android.com/security/bulletin/2019-10-01 Vendor Advisory
    Added CWE NIST CWE-416
    Added CPE Configuration OR *cpe:2.3:o:google:android:-:*:*:*:*:*:*:*
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2019-2215 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2019-2215 weaknesses.

Exploit Prediction

EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days.

48.72 }} 3.92%

score

0.97550

percentile

CVSS31 - Vulnerability Scoring System
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
: