Early Access — Mondoo Vulnerability Intelligence is currently in preview.

UBUNTU-CVE-2019-2181 | Mondoo Vulnerability Intelligence

UBUNTU-CVE-2019-2181

HIGH7.8

In binder_transaction of binder.c in the Android kernel, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional executi

Published Sep 5, 2019

Modified 6 months ago

Fix available

Details

In binder_transaction of binder.c in the Android kernel, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

Affected Packages

Ubuntu:14.04:LTSlinux

Affected versions:

3.11.0-12.193.12.0-1.33.12.0-2.53.12.0-2.73.12.0-3.83.12.0-3.93.12.0-4.103.12.0-4.123.12.0-5.133.12.0-7.15+170 more

Ubuntu:Pro:14.04:LTSlinux

Affected versions:

3.11.0-12.193.12.0-1.33.12.0-2.53.12.0-2.73.12.0-3.83.12.0-3.93.12.0-4.103.12.0-4.123.12.0-5.133.12.0-7.15+170 more

Ubuntu:20.04:LTSlinux

Affected versions:

5.3.0-18.195.3.0-24.26

Fixed in:

5.4.0-9.12

Ubuntu:16.04:LTSlinux

Fixed in:

4.2.0-16.19

Ubuntu:18.04:LTSlinux

Fixed in:

4.13.0-16.19

Ubuntu:18.04:LTSlinux-aws

Fixed in:

4.15.0-1001.1

Ubuntu:16.04:LTSlinux-aws

Fixed in:

4.4.0-1001.10

Ubuntu:Pro:14.04:LTSlinux-aws

Affected versions:

4.4.0-1002.24.4.0-1003.34.4.0-1005.54.4.0-1006.64.4.0-1009.94.4.0-1010.104.4.0-1011.114.4.0-1012.124.4.0-1014.144.4.0-1016.16+94 more

Ubuntu:20.04:LTSlinux-aws

Affected versions:

5.3.0-1003.35.3.0-1008.95.3.0-1009.105.3.0-1010.11

Fixed in:

5.4.0-1005.5

Ubuntu:18.04:LTSlinux-aws-5.0

Fixed in:

5.0.0-1021.24~18.04.1

Ubuntu:16.04:LTSlinux-aws-hwe

Fixed in:

4.15.0-1030.31~16.04.1

Ubuntu:20.04:LTSlinux-azure

Affected versions:

5.3.0-1003.35.3.0-1008.95.3.0-1009.10

Fixed in:

5.4.0-1006.6

Ubuntu:18.04:LTSlinux-azure

Affected versions:

4.15.0-1002.24.15.0-1003.34.15.0-1004.44.15.0-1008.84.15.0-1009.94.15.0-1012.124.15.0-1013.134.15.0-1014.144.15.0-1018.184.15.0-1019.19+25 more

Fixed in:

5.0.0-1023.24~18.04.1

Ubuntu:16.04:LTSlinux-azure

Fixed in:

4.11.0-1009.9

Ubuntu:Pro:14.04:LTSlinux-azure

Affected versions:

4.15.0-1023.24~14.04.14.15.0-1030.31~14.04.14.15.0-1031.32~14.04.14.15.0-1032.33~14.04.24.15.0-1035.36~14.04.24.15.0-1036.38~14.04.24.15.0-1037.39~14.04.24.15.0-1039.41~14.04.24.15.0-1040.44~14.04.14.15.0-1041.45~14.04.1+89 more

Ubuntu:18.04:LTSlinux-azure-5.3

Fixed in:

5.3.0-1007.8~18.04.1

Ubuntu:16.04:LTSlinux-gcp

Fixed in:

4.10.0-1004.4

Ubuntu:20.04:LTSlinux-gcp

Affected versions:

5.3.0-1004.45.3.0-1009.105.3.0-1011.12

Fixed in:

5.4.0-1005.5

Ubuntu:18.04:LTSlinux-gcp

Affected versions:

4.15.0-1001.14.15.0-1003.34.15.0-1005.54.15.0-1006.64.15.0-1008.84.15.0-1009.94.15.0-1010.104.15.0-1014.144.15.0-1015.154.15.0-1017.18+20 more

Fixed in:

5.0.0-1021.21~18.04.1

Ubuntu:18.04:LTSlinux-gcp-5.3

Fixed in:

5.3.0-1008.9~18.04.1

Ubuntu:18.04:LTSlinux-gke-4.15

Fixed in:

4.15.0-1030.32

Ubuntu:18.04:LTSlinux-gke-5.0

Affected versions:

5.0.0-1011.11~18.04.15.0.0-1013.13~18.04.15.0.0-1015.15~18.04.15.0.0-1017.17~18.04.15.0.0-1020.20~18.04.15.0.0-1022.22~18.04.3

Fixed in:

5.0.0-1023.23~18.04.2

Ubuntu:18.04:LTSlinux-gke-5.3

Fixed in:

5.3.0-1011.12~18.04.1

Ubuntu:18.04:LTSlinux-hwe

Affected versions:

4.18.0-13.14~18.04.14.18.0-14.15~18.04.14.18.0-15.16~18.04.14.18.0-16.17~18.04.14.18.0-17.18~18.04.14.18.0-18.19~18.04.14.18.0-20.21~18.04.14.18.0-21.22~18.04.14.18.0-22.23~18.04.14.18.0-24.25~18.04.1+6 more

Fixed in:

5.0.0-32.34~18.04.2

Ubuntu:16.04:LTSlinux-hwe

Fixed in:

4.8.0-36.36~16.04.1

Ubuntu:Pro:18.04:LTSlinux-hwe-edge

Affected versions:

5.0.0-15.16~18.04.15.0.0-16.17~18.04.15.0.0-17.18~18.04.15.0.0-19.20~18.04.15.0.0-20.21~18.04.15.3.0-19.20~18.04.25.3.0-22.24~18.04.15.3.0-23.25~18.04.15.3.0-23.25~18.04.25.3.0-24.26~18.04.2

Ubuntu:20.04:LTSlinux-kvm

Affected versions:

5.3.0-1003.35.3.0-1008.95.3.0-1009.10

Fixed in:

5.4.0-1004.4

Ubuntu:18.04:LTSlinux-kvm

Fixed in:

4.15.0-1002.2

Ubuntu:16.04:LTSlinux-kvm

Fixed in:

4.4.0-1004.9

Ubuntu:Pro:14.04:LTSlinux-lts-xenial

Affected versions:

4.4.0-101.124~14.04.14.4.0-103.126~14.04.14.4.0-104.127~14.04.14.4.0-108.131~14.04.14.4.0-109.132~14.04.14.4.0-111.134~14.04.14.4.0-112.135~14.04.14.4.0-116.140~14.04.14.4.0-119.143~14.04.14.4.0-121.145~14.04.1+138 more

Ubuntu:18.04:LTSlinux-oem

Fixed in:

4.15.0-1002.3

Ubuntu:18.04:LTSlinux-oem-osp1

Affected versions:

5.0.0-1010.115.0.0-1012.135.0.0-1015.165.0.0-1018.205.0.0-1020.225.0.0-1022.245.0.0-1024.27

Fixed in:

5.0.0-1025.28

Ubuntu:16.04:LTSlinux-oracle

Fixed in:

4.15.0-1007.9~16.04.1

Ubuntu:18.04:LTSlinux-oracle

Fixed in:

4.15.0-1007.9

Ubuntu:20.04:LTSlinux-oracle

Affected versions:

5.3.0-1002.25.3.0-1007.85.3.0-1008.9

Fixed in:

5.4.0-1005.5

Ubuntu:18.04:LTSlinux-oracle-5.0

Fixed in:

5.0.0-1007.12~18.04.1

Ubuntu:18.04:LTSlinux-oracle-5.3

Fixed in:

5.3.0-1011.12~18.04.1

Ubuntu:18.04:LTSlinux-raspi2

Fixed in:

4.13.0-1005.5

Ubuntu:20.04:LTSlinux-raspi2

Affected versions:

5.3.0-1007.85.3.0-1014.165.3.0-1015.175.3.0-1017.19

Fixed in:

5.4.0-1004.4

Ubuntu:Pro:20.04:LTSlinux-raspi2

Affected versions:

5.3.0-1007.85.3.0-1014.165.3.0-1015.175.3.0-1017.195.4.0-1004.45.4.0-1006.6

Ubuntu:16.04:LTSlinux-raspi2

Fixed in:

4.2.0-1013.19

Ubuntu:18.04:LTSlinux-raspi2-5.3

Fixed in:

5.3.0-1017.19~18.04.1

Ubuntu:18.04:LTSlinux-snapdragon

Fixed in:

4.4.0-1077.82

Ubuntu:16.04:LTSlinux-snapdragon

Fixed in:

4.4.0-1012.12

References

REPORThttps://android-review.googlesource.com/c/kernel/common/+/981230 REPORThttps://source.android.com/security/bulletin/2019-09-01 REPORThttps://ubuntu.com/security/CVE-2019-2181 REPORThttps://ubuntu.com/security/notices/USN-4157-1 REPORThttps://ubuntu.com/security/notices/USN-4157-2 REPORThttps://www.cve.org/CVERecord?id=CVE-2019-2181

CVSS Analysis

CVSS v3.0

7.8

Exploitability

Attack Vector

LocalAV:L

Attack Complexity

LowAC:L

Privileges Required

NonePR:N

User Interaction

RequiredUI:R

Scope

Scope

UnchangedS:U

Impact

Confidentiality

HighC:H

Integrity

HighI:H

Availability

HighA:H

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Related

CVE-2019-2181 USN-4157-1 USN-4157-2

Ecosystems

Ubuntu 14.04 LTS Ubuntu Pro 14.04 LTS Ubuntu 20.04 LTS Ubuntu 16.04 LTS Ubuntu 18.04 LTS Ubuntu Pro 18.04 LTS Ubuntu Pro 20.04 LTS

Timeline

PublishedSep 5, 2019

ModifiedJul 1, 2025