CVE-2019-2215
Published: 11 October 2019
Summary
CVE-2019-2215 is a high-severity Use After Free (CWE-416) vulnerability in Huawei P20 Lite Firmware. Its CVSS base score is 7.8 (High).
Operationally, it is ranked in the top 2.0% of CVEs by exploit likelihood, CISA has added it to the Known Exploited Vulnerabilities catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2019-2215 is a use-after-free vulnerability (CWE-416) located in binder.c that affects the Android operating system. The flaw resides in the Linux kernel component responsible for inter-process communication and carries Android ID A-141720095 along with a CVSS 3.1 base score of 7.8.
An attacker with the ability to run a malicious local application can exploit the issue without user interaction to escalate privileges from the application sandbox directly to the kernel, achieving full read/write control over kernel memory. Exploitation may also be chained through a separate network-facing vulnerability that first obtains local code execution.
Public references include exploit code and vendor advisories such as the Huawei security bulletin, indicating that device manufacturers should apply kernel patches addressing the binder use-after-free condition. No information on in-the-wild exploitation campaigns is supplied in the source data.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2019-11857
Vulnerability details
A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interaction is required to exploit this vulnerability, however exploitation does require either the installation of a malicious local application or a separate vulnerability in a network facing application. Product: Android. Android ID: A-141720095
- CWE(s)
- KEV Date Added: 03 November 2021
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls (NIST 800-53 r5)
Directly requires timely application of vendor kernel patches that eliminate the use-after-free condition in binder.c.
Mandates hardware or software memory protections that block exploitation of use-after-free flaws leading to kernel memory corruption.
Requires process isolation boundaries, which exploitation of the binder vulnerability bypasses from an untrusted application.