CVE-2019-1999

Name of the Vulnerable Software and Affected Versions Android kernel

Description The issue is related to a double free vulnerability in the binder alloc free page function of binder alloc.c in the Android kernel. This could lead to a local escalation of privilege in the kernel without needing additional execution privileges. The vulnerability can be exploited without user interaction.

Recommendations For Android kernel, consider applying a patch to fix the improper locking issue in the binder alloc free page function as a permanent solution. As a temporary workaround, restricting access to the kernel's binder alloc module may help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.