Main Vulnerability Database Vulnerabilities #VU35579

Integer overflow in Google Android - CVE-2019-2181

Published: September 6, 2019 / Updated: August 8, 2020

Vulnerability identifier: #VU35579

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2019-2181

CWE-ID: CWE-190

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Google

Affected software:
Google Android

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

In binder_transaction of binder.c in the Android kernel, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

How to mitigate CVE-2019-2181

Install update from vendor's website.

Sources

http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html
https://source.android.com/security/bulletin/2019-09-01
https://usn.ubuntu.com/4157-1/
https://usn.ubuntu.com/4157-2/

Integer overflow in Google Android - CVE-2019-2181

Detailed vulnerability description

How to mitigate CVE-2019-2181

Sources

Please verify you're human