UBUNTU-CVE-2019-2214

Details

In binder_transaction of binder.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-136210786References: Upstream kernel

Affected Packages(41 packages)

linux

Ubuntu 20.04 LTS

Affected versions:

5.3.0-18.195.3.0-24.26

Fixed in:

5.4.0-9.12

linux

Ubuntu 16.04 LTS

Fixed in:

4.2.0-16.19

linux

Ubuntu 18.04 LTS

Fixed in:

4.13.0-16.19

linux-aws

Ubuntu 16.04 LTS

Fixed in:

4.4.0-1001.10

linux-aws

Ubuntu 20.04 LTS

Affected versions:

5.3.0-1003.35.3.0-1008.95.3.0-1009.105.3.0-1010.11

Fixed in:

5.4.0-1005.5

linux-aws

Ubuntu 18.04 LTS

Fixed in:

4.15.0-1001.1

linux-aws-5.0

Ubuntu 18.04 LTS

Affected versions:

5.0.0-1021.24~18.04.15.0.0-1022.25~18.04.1

Fixed in:

5.0.0-1023.26~18.04.1

linux-aws-hwe

Ubuntu 16.04 LTS

Fixed in:

4.15.0-1030.31~16.04.1

linux-azure

Ubuntu 16.04 LTS

Fixed in:

4.11.0-1009.9

linux-azure

Ubuntu 20.04 LTS

Affected versions:

5.3.0-1003.35.3.0-1008.95.3.0-1009.10

Fixed in:

5.4.0-1006.6

References

REPORThttps://git.kernel.org/linus/a56587065094fd96eb4c2b5ad65571daad32156d REPORThttps://lore.kernel.org/driverdev-devel/20190709110923.220736-1-maco@android.com/REPORThttps://ubuntu.com/security/CVE-2019-2214 REPORThttps://ubuntu.com/security/notices/USN-4226-1 REPORThttps://www.cve.org/CVERecord?id=CVE-2019-2214

UBUNTU-CVE-2019-2214

Details

Affected Packages(41 packages)

References

CVSS Analysis

Related

Ecosystems

Timeline