Cyber Resilience

CVE-2019-2215

HighCISA KEVActive ExploitationEUVD ExploitedPublic PoC

Published: 11 October 2019

Published
11 October 2019
Modified
24 October 2025
KEV Added
03 November 2021
Patch
CVSS Score v3.1 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.5314 98.0th percentile
Risk Priority 67 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2019-2215 is a high-severity Use After Free (CWE-416) vulnerability in Huawei P20 Lite Firmware. Its CVSS base score is 7.8 (High).

Operationally, ranked in the top 2.0% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2019-2215 is a use-after-free vulnerability (CWE-416) located in binder.c that affects the Android operating system. The flaw resides in the Linux kernel component responsible for inter-process communication and carries Android ID A-141720095 along with a CVSS 3.1 base score of 7.8.

An attacker with the ability to run a malicious local application can exploit the issue without user interaction to escalate privileges from the application sandbox directly to the kernel, achieving full read/write control over kernel memory. Exploitation may also be chained through a separate network-facing vulnerability that first obtains local code execution.

Public references include exploit code and vendor advisories such as the Huawei security bulletin, indicating that device manufacturers should apply kernel patches addressing the binder use-after-free condition. No information on in-the-wild exploitation campaigns is supplied in the source data.

EU & UK References

Vulnerability details

A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interaction is required to exploit this vulnerability, however exploitation does require either the installation of a malicious local application or a separate…

more

vulnerability in a network facing application.Product: AndroidAndroid ID: A-141720095

CWE(s)
KEV Date Added
03 November 2021

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

google
android
all versions
debian
debian linux
8.0
canonical
ubuntu linux
16.04
netapp
cloud backup
all versions
netapp
data availability services
all versions
netapp
hci management node
all versions
netapp
service processor
all versions
netapp
solidfire
all versions
netapp
steelstore cloud integrated storage
all versions
netapp
solidfire baseboard management controller firmware
all versions
+67 more product configuration(s) — see NVD for full list

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires timely application of vendor kernel patches that eliminate the use-after-free condition in binder.c.

prevent

Mandates hardware or software memory protections that block exploitation of use-after-free flaws leading to kernel memory corruption.

prevent

Requires process isolation boundaries that the binder vulnerability is designed to bypass from an untrusted application.

References