CVE-2020-0030
Published: 13 February 2020
In binder_thread_release of binder.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-145286050References: Upstream kernel
Notes
Author | Note |
---|---|
cascardo | This seems to be like that since binder was added to the kernel, ie., binder would allow the thread to be freed while its wait member was still in the epoll waitqueue. Description was taken from patch's comment, as it describes the specific race condition that makes this different from CVE-2019-2215. I added the first sentence which would be a fair description of both this CVE and CVE-2019-2215. |
Priority
Status
Package | Release | Status |
---|---|---|
linux Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(4.15.0-12.13)
|
eoan |
Not vulnerable
(5.0.0-13.14)
|
|
trusty |
Ignored
(was needs-triage ESM criteria)
|
|
upstream |
Released
(4.16~rc3)
|
|
xenial |
Not vulnerable
(4.2.0-16.19)
|
|
Patches: Introduced by f5cb779ba16334b45ba8946d6bfa6d9834d1527f |
||
linux-aws Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(4.15.0-1003.3)
|
eoan |
Not vulnerable
(5.0.0-1004.4)
|
|
trusty |
Ignored
(was needs-triage ESM criteria)
|
|
upstream |
Released
(4.16~rc3)
|
|
xenial |
Not vulnerable
(4.4.0-1001.10)
|
|
linux-aws-5.0 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(5.0.0-1021.24~18.04.1)
|
eoan |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(4.16~rc3)
|
|
xenial |
Does not exist
|
|
linux-aws-hwe Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
eoan |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(4.16~rc3)
|
|
xenial |
Not vulnerable
(4.15.0-1030.31~16.04.1)
|
|
linux-azure Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(4.15.0-1003.3)
|
eoan |
Not vulnerable
(5.0.0-1004.4)
|
|
trusty |
Ignored
(was needs-triage ESM criteria)
|
|
upstream |
Released
(4.16~rc3)
|
|
xenial |
Not vulnerable
(4.11.0-1009.9)
|
|
linux-azure-5.3 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(5.3.0-1007.8~18.04.1)
|
eoan |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(4.16~rc3)
|
|
xenial |
Does not exist
|
|
linux-azure-edge Launchpad, Ubuntu, Debian |
bionic |
Ignored
(end of life, was needs-triage)
|
eoan |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(4.16~rc3)
|
|
xenial |
Ignored
(end of standard support, was needs-triage)
|
|
linux-gcp Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(4.15.0-1003.3)
|
eoan |
Not vulnerable
(5.0.0-1004.4)
|
|
trusty |
Does not exist
|
|
upstream |
Released
(4.16~rc3)
|
|
xenial |
Not vulnerable
(4.10.0-1004.4)
|
|
linux-gcp-5.3 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(5.3.0-1008.9~18.04.1)
|
eoan |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(4.16~rc3)
|
|
xenial |
Does not exist
|
|
linux-gcp-edge Launchpad, Ubuntu, Debian |
bionic |
Ignored
(end of life, was needs-triage)
|
eoan |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(4.16~rc3)
|
|
xenial |
Does not exist
|
|
linux-gke-4.15 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(4.15.0-1030.32)
|
eoan |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(4.16~rc3)
|
|
xenial |
Does not exist
|
|
linux-gke-5.0 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(5.0.0-1011.11~18.04.1)
|
eoan |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(4.16~rc3)
|
|
xenial |
Does not exist
|
|
linux-gke-5.3 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(5.3.0-1011.12~18.04.1)
|
eoan |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(4.16~rc3)
|
|
xenial |
Does not exist
|
|
linux-hwe Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(4.18.0-13.14~18.04.1)
|
eoan |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(4.16~rc3)
|
|
xenial |
Not vulnerable
(4.8.0-36.36~16.04.1)
|
|
linux-hwe-edge Launchpad, Ubuntu, Debian |
bionic |
Ignored
(end of life, was needs-triage)
|
eoan |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(4.16~rc3)
|
|
xenial |
Ignored
(end of life, was needs-triage)
|
|
linux-kvm Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(4.15.0-1003.3)
|
eoan |
Not vulnerable
(5.0.0-1004.4)
|
|
trusty |
Does not exist
|
|
upstream |
Released
(4.16~rc3)
|
|
xenial |
Not vulnerable
(4.4.0-1004.9)
|
|
linux-lts-trusty Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
eoan |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(4.16~rc3)
|
|
xenial |
Does not exist
|
|
linux-lts-xenial Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
eoan |
Does not exist
|
|
trusty |
Ignored
(was needs-triage ESM criteria)
|
|
upstream |
Released
(4.16~rc3)
|
|
xenial |
Does not exist
|
|
linux-oem Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(4.15.0-1002.3)
|
eoan |
Not vulnerable
(4.15.0-1035.40)
|
|
trusty |
Does not exist
|
|
upstream |
Released
(4.16~rc3)
|
|
xenial |
Ignored
(end of standard support, was needs-triage)
|
|
linux-oem-5.4 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
eoan |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(4.16~rc3)
|
|
xenial |
Does not exist
|
|
linux-oem-osp1 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(5.0.0-1010.11)
|
eoan |
Not vulnerable
(5.0.0-1010.11)
|
|
trusty |
Does not exist
|
|
upstream |
Released
(4.16~rc3)
|
|
xenial |
Does not exist
|
|
linux-oracle Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(4.15.0-1007.9)
|
eoan |
Not vulnerable
(4.15.0-1011.13)
|
|
trusty |
Does not exist
|
|
upstream |
Released
(4.16~rc3)
|
|
xenial |
Not vulnerable
(4.15.0-1007.9~16.04.1)
|
|
linux-oracle-5.0 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(5.0.0-1007.12~18.04.1)
|
eoan |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(4.16~rc3)
|
|
xenial |
Does not exist
|
|
linux-raspi2 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(4.13.0-1005.5)
|
eoan |
Not vulnerable
(5.0.0-1006.6)
|
|
trusty |
Does not exist
|
|
upstream |
Released
(4.16~rc3)
|
|
xenial |
Not vulnerable
(4.2.0-1013.19)
|
|
linux-raspi2-5.3 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(5.3.0-1017.19~18.04.1)
|
eoan |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(4.16~rc3)
|
|
xenial |
Does not exist
|
|
linux-snapdragon Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(4.4.0-1077.82)
|
eoan |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(4.16~rc3)
|
|
xenial |
Not vulnerable
(4.4.0-1012.12)
|
Severity score breakdown
Parameter | Value |
---|---|
Base score | 7.0 |
Attack vector | Local |
Attack complexity | High |
Privileges required | Low |
User interaction | None |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | High |
Availability impact | High |
Vector | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |