Search

Find a vulnerability

Search criteria

    8 vulnerabilities found for honor_9i_firmware by huawei

    CVE-2019-5252 (GCVE-0-2019-5252)

    Vulnerability from nvd – Published: 2019-12-13 23:12 – Updated: 2024-08-04 19:47
    VLAI
    Summary
    There is an improper authentication vulnerability in Huawei smartphones (Y9, Honor 8X, Honor 9 Lite, Honor 9i, Y6 Pro). The applock does not perform a sufficient authentication in a rare condition. Successful exploit could allow the attacker to use the application locked by applock in an instant.
    Severity
    No CVSS data available.
    CWE
    • Improper Authentication
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Y9, Honor 8X, Honor 9 Lite, Honor 9i, Y6 Pro Affected: Versions earlier than 9.1.0.131(C432E6R1P5T8),Versions earlier than 9.1.0.139(C636E6R1P5T8),Versions earlier than 9.1.0.217(C00E15R3P2T8),Versions earlier than 9.1.0.237(C432E1R3P2T8),Versions earlier than 9.1.0.237(C636E2R4P1T8),Versions earlier than 9.1.0.124(C00E112R2P10T8),Versions earlier than 9.1.0.136(C636E5R1P5T8),Versions earlier than 9.1.0.115(C00E113R1P6T8),Versions earlier than 9.1.0.122(C636E4R1P4T8),Versions earlier than 9.1.0.248(C636E5R3P1)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:47:56.878Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191204-01-smartphone-en"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Y9, Honor 8X, Honor 9 Lite, Honor 9i, Y6 Pro",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions earlier than 9.1.0.131(C432E6R1P5T8),Versions earlier than 9.1.0.139(C636E6R1P5T8),Versions earlier than 9.1.0.217(C00E15R3P2T8),Versions earlier than 9.1.0.237(C432E1R3P2T8),Versions earlier than 9.1.0.237(C636E2R4P1T8),Versions earlier than 9.1.0.124(C00E112R2P10T8),Versions earlier than 9.1.0.136(C636E5R1P5T8),Versions earlier than 9.1.0.115(C00E113R1P6T8),Versions earlier than 9.1.0.122(C636E4R1P4T8),Versions earlier than 9.1.0.248(C636E5R3P1)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "There is an improper authentication vulnerability in Huawei smartphones (Y9, Honor 8X, Honor 9 Lite, Honor 9i, Y6 Pro). The applock does not perform a sufficient authentication in a rare condition. Successful exploit could allow the attacker to use the application locked by applock in an instant."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Improper Authentication",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-12-13T23:12:50.000Z",
            "orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
            "shortName": "huawei"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191204-01-smartphone-en"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@huawei.com",
              "ID": "CVE-2019-5252",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Y9, Honor 8X, Honor 9 Lite, Honor 9i, Y6 Pro",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Versions earlier than 9.1.0.131(C432E6R1P5T8),Versions earlier than 9.1.0.139(C636E6R1P5T8),Versions earlier than 9.1.0.217(C00E15R3P2T8),Versions earlier than 9.1.0.237(C432E1R3P2T8),Versions earlier than 9.1.0.237(C636E2R4P1T8),Versions earlier than 9.1.0.124(C00E112R2P10T8),Versions earlier than 9.1.0.136(C636E5R1P5T8),Versions earlier than 9.1.0.115(C00E113R1P6T8),Versions earlier than 9.1.0.122(C636E4R1P4T8),Versions earlier than 9.1.0.248(C636E5R3P1)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "There is an improper authentication vulnerability in Huawei smartphones (Y9, Honor 8X, Honor 9 Lite, Honor 9i, Y6 Pro). The applock does not perform a sufficient authentication in a rare condition. Successful exploit could allow the attacker to use the application locked by applock in an instant."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Improper Authentication"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191204-01-smartphone-en",
                  "refsource": "MISC",
                  "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191204-01-smartphone-en"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
        "assignerShortName": "huawei",
        "cveId": "CVE-2019-5252",
        "datePublished": "2019-12-13T23:12:50.000Z",
        "dateReserved": "2019-01-04T00:00:00.000Z",
        "dateUpdated": "2024-08-04T19:47:56.878Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-5264 (GCVE-0-2019-5264)

    Vulnerability from nvd – Published: 2019-12-13 23:00 – Updated: 2024-08-04 19:47
    VLAI
    Summary
    There is an information disclosure vulnerability in certain Huawei smartphones (Mate 10;Mate 10 Pro;Honor V10;Changxiang 7S;P-smart;Changxiang 8 Plus;Y9 2018;Honor 9 Lite;Honor 9i;Mate 9). The software does not properly handle certain information of applications locked by applock in a rare condition. Successful exploit could cause information disclosure.
    Severity
    No CVSS data available.
    CWE
    • Information Disclosure
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Mate 10;Mate 10 Pro;Honor V10;Changxiang 7S;P-smart;Changxiang 8 Plus;Y9 2018;Honor 9 Lite;Honor 9i;Mate 9 Affected: Versions earlier than 9.0.0.167(C00E85R2P20T8)
    Affected: Versions earlier than 9.0.0.159(C432E4R1P9T8)
    Affected: Versions earlier than 9.0.0.177(C185E2R1P12T8)
    Affected: Versions earlier than 9.0.0.159(C636E2R1P12T8)
    Affected: Versions earlier than 9.0.0.167(C00E87R2P15T8)
    Affected: Versions earlier than 9.0.0.159(C185E2R1P13T8)
    Affected: Versions earlier than 9.0.0.161(C432E4R1P11T8)
    Affected: Versions earlier than 9.0.0.159(C636E2R1P13T8)
    Affected: Versions earlier than 9.0.0.156(C00E156R2P14T8)
    Affected: Versions earlier than 9.0.0.159(C636E3R1P12T8)
    Affected: Versions earlier than 9.1.0.107(C00E107R2P8T8)
    Affected: Versions earlier than 9.1.0.119(C636E5R1P1T8)
    Affected: Versions earlier than 9.1.0.130(C432E8R1P5T8)
    Affected: Versions earlier than 9.1.0.111(C00E111R1P6T8)
    Affected: Versions earlier than 9.1.0.115(C432E5R1P1T8)
    Affected: Versions earlier than 9.1.0.120(C636E5R1P1T8)
    Affected: Versions earlier than 9.1.0.113(C00E111R2P10T8)
    Affected: Versions earlier than 9.1.0.118(C636E4R1P1T8)
    Affected: Versions earlier than 9.1.0.118(C185E4R1P4T8)
    Affected: Versions earlier than 9.1.0.121(C432E4R1P3T8)
    Affected: Versions earlier than 9.1.0.112(C00E112R1P6T8)
    Affected: Versions earlier 9.1.0.106(SP53C636E2R1P4T8)
    Affected: Versions earlier than 9.0.1.158(C432E6R1P8T8)
    Affected: Versions earlier than 9.0.1.159(C636E6R1P8T8)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:47:56.839Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191211-01-smartphone-en"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Mate 10;Mate 10 Pro;Honor V10;Changxiang 7S;P-smart;Changxiang 8 Plus;Y9 2018;Honor 9 Lite;Honor 9i;Mate 9",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions earlier than 9.0.0.167(C00E85R2P20T8)"
                },
                {
                  "status": "affected",
                  "version": "Versions earlier than 9.0.0.159(C432E4R1P9T8)"
                },
                {
                  "status": "affected",
                  "version": "Versions earlier than 9.0.0.177(C185E2R1P12T8)"
                },
                {
                  "status": "affected",
                  "version": "Versions earlier than 9.0.0.159(C636E2R1P12T8)"
                },
                {
                  "status": "affected",
                  "version": "Versions earlier than 9.0.0.167(C00E87R2P15T8)"
                },
                {
                  "status": "affected",
                  "version": "Versions earlier than 9.0.0.159(C185E2R1P13T8)"
                },
                {
                  "status": "affected",
                  "version": "Versions earlier than 9.0.0.161(C432E4R1P11T8)"
                },
                {
                  "status": "affected",
                  "version": "Versions earlier than 9.0.0.159(C636E2R1P13T8)"
                },
                {
                  "status": "affected",
                  "version": "Versions earlier than 9.0.0.156(C00E156R2P14T8)"
                },
                {
                  "status": "affected",
                  "version": "Versions earlier than 9.0.0.159(C636E3R1P12T8)"
                },
                {
                  "status": "affected",
                  "version": "Versions earlier than 9.1.0.107(C00E107R2P8T8)"
                },
                {
                  "status": "affected",
                  "version": "Versions earlier than 9.1.0.119(C636E5R1P1T8)"
                },
                {
                  "status": "affected",
                  "version": "Versions earlier than 9.1.0.130(C432E8R1P5T8)"
                },
                {
                  "status": "affected",
                  "version": "Versions earlier than 9.1.0.111(C00E111R1P6T8)"
                },
                {
                  "status": "affected",
                  "version": "Versions earlier than 9.1.0.115(C432E5R1P1T8)"
                },
                {
                  "status": "affected",
                  "version": "Versions earlier than 9.1.0.120(C636E5R1P1T8)"
                },
                {
                  "status": "affected",
                  "version": "Versions earlier than 9.1.0.113(C00E111R2P10T8)"
                },
                {
                  "status": "affected",
                  "version": "Versions earlier than 9.1.0.118(C636E4R1P1T8)"
                },
                {
                  "status": "affected",
                  "version": "Versions earlier than 9.1.0.118(C185E4R1P4T8)"
                },
                {
                  "status": "affected",
                  "version": "Versions earlier than 9.1.0.121(C432E4R1P3T8)"
                },
                {
                  "status": "affected",
                  "version": "Versions earlier than 9.1.0.112(C00E112R1P6T8)"
                },
                {
                  "status": "affected",
                  "version": "Versions earlier 9.1.0.106(SP53C636E2R1P4T8)"
                },
                {
                  "status": "affected",
                  "version": "Versions earlier than 9.0.1.158(C432E6R1P8T8)"
                },
                {
                  "status": "affected",
                  "version": "Versions earlier than 9.0.1.159(C636E6R1P8T8)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "There is an information disclosure vulnerability in certain Huawei smartphones (Mate 10;Mate 10 Pro;Honor V10;Changxiang 7S;P-smart;Changxiang 8 Plus;Y9 2018;Honor 9 Lite;Honor 9i;Mate 9). The software does not properly handle certain information of applications locked by applock in a rare condition. Successful exploit could cause information disclosure."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Information Disclosure",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-12-13T23:00:29.000Z",
            "orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
            "shortName": "huawei"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191211-01-smartphone-en"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@huawei.com",
              "ID": "CVE-2019-5264",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Mate 10;Mate 10 Pro;Honor V10;Changxiang 7S;P-smart;Changxiang 8 Plus;Y9 2018;Honor 9 Lite;Honor 9i;Mate 9",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Versions earlier than 9.0.0.167(C00E85R2P20T8)"
                              },
                              {
                                "version_value": "Versions earlier than 9.0.0.159(C432E4R1P9T8)"
                              },
                              {
                                "version_value": "Versions earlier than 9.0.0.177(C185E2R1P12T8)"
                              },
                              {
                                "version_value": "Versions earlier than 9.0.0.159(C636E2R1P12T8)"
                              },
                              {
                                "version_value": "Versions earlier than 9.0.0.167(C00E87R2P15T8)"
                              },
                              {
                                "version_value": "Versions earlier than 9.0.0.159(C185E2R1P13T8)"
                              },
                              {
                                "version_value": "Versions earlier than 9.0.0.161(C432E4R1P11T8)"
                              },
                              {
                                "version_value": "Versions earlier than 9.0.0.159(C636E2R1P13T8)"
                              },
                              {
                                "version_value": "Versions earlier than 9.0.0.156(C00E156R2P14T8)"
                              },
                              {
                                "version_value": "Versions earlier than 9.0.0.159(C432E4R1P9T8)"
                              },
                              {
                                "version_value": "Versions earlier than 9.0.0.159(C636E3R1P12T8)"
                              },
                              {
                                "version_value": "Versions earlier than 9.1.0.107(C00E107R2P8T8)"
                              },
                              {
                                "version_value": "Versions earlier than 9.1.0.119(C636E5R1P1T8)"
                              },
                              {
                                "version_value": "Versions earlier than 9.1.0.130(C432E8R1P5T8)"
                              },
                              {
                                "version_value": "Versions earlier than 9.1.0.111(C00E111R1P6T8)"
                              },
                              {
                                "version_value": "Versions earlier than 9.1.0.115(C432E5R1P1T8)"
                              },
                              {
                                "version_value": "Versions earlier than 9.1.0.120(C636E5R1P1T8)"
                              },
                              {
                                "version_value": "Versions earlier than 9.1.0.113(C00E111R2P10T8)"
                              },
                              {
                                "version_value": "Versions earlier than 9.1.0.118(C636E4R1P1T8)"
                              },
                              {
                                "version_value": "Versions earlier than 9.1.0.118(C185E4R1P4T8)"
                              },
                              {
                                "version_value": "Versions earlier than 9.1.0.121(C432E4R1P3T8)"
                              },
                              {
                                "version_value": "Versions earlier than 9.1.0.112(C00E112R1P6T8)"
                              },
                              {
                                "version_value": "Versions earlier 9.1.0.106(SP53C636E2R1P4T8)"
                              },
                              {
                                "version_value": "Versions earlier than 9.0.1.158(C432E6R1P8T8)"
                              },
                              {
                                "version_value": "Versions earlier than 9.0.1.159(C636E6R1P8T8)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "There is an information disclosure vulnerability in certain Huawei smartphones (Mate 10;Mate 10 Pro;Honor V10;Changxiang 7S;P-smart;Changxiang 8 Plus;Y9 2018;Honor 9 Lite;Honor 9i;Mate 9). The software does not properly handle certain information of applications locked by applock in a rare condition. Successful exploit could cause information disclosure."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Information Disclosure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191211-01-smartphone-en",
                  "refsource": "MISC",
                  "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191211-01-smartphone-en"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
        "assignerShortName": "huawei",
        "cveId": "CVE-2019-5264",
        "datePublished": "2019-12-13T23:00:29.000Z",
        "dateReserved": "2019-01-04T00:00:00.000Z",
        "dateUpdated": "2024-08-04T19:47:56.839Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-5251 (GCVE-0-2019-5251)

    Vulnerability from nvd – Published: 2019-12-13 14:30 – Updated: 2024-08-04 19:47
    VLAI
    Summary
    There is a path traversal vulnerability in several Huawei smartphones. The system does not sufficiently validate certain pathnames from the application. An attacker could trick the user into installing, backing up and restoring a malicious application. Successful exploit could cause information disclosure.
    Severity
    No CVSS data available.
    CWE
    • Path Traversal
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Honor V10;P30;Mate 20;Honor 9 Lite;Honor 9i;M6;P30 Pro;Honor 20s Affected: Versions earlier than 9.1.0.333(C00E333R2P1T8)
    Affected: Versions earlier than 9.1.0.226(C00E220R2P1)
    Affected: Versions earlier than 9.1.0.130(C00E115R2P8T8)
    Affected: Versions earlier than 9.1.0.139(C00E133R3P1)
    Affected: Versions earlier than 9.1.0.130(C00E112R2P10T8)
    Affected: Versions earlier than 9.1.0.143(C636E5R1P5T8)
    Affected: Versions earlier than 9.1.0.120(C00E113R1P6T8)
    Affected: Versions earlier than 9.1.1.150(C00E150R1P150)
    Affected: Versions earlier than 9.1.0.226(C00E210R2P1)
    Affected: Versions earlier than 9.1.1.132(C00E131R6P1)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:47:56.813Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191204-03-smartphone-en"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Honor V10;P30;Mate 20;Honor 9 Lite;Honor 9i;M6;P30 Pro;Honor 20s",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions earlier than 9.1.0.333(C00E333R2P1T8)"
                },
                {
                  "status": "affected",
                  "version": "Versions earlier than 9.1.0.226(C00E220R2P1)"
                },
                {
                  "status": "affected",
                  "version": "Versions earlier than 9.1.0.130(C00E115R2P8T8)"
                },
                {
                  "status": "affected",
                  "version": "Versions earlier than 9.1.0.139(C00E133R3P1)"
                },
                {
                  "status": "affected",
                  "version": "Versions earlier than 9.1.0.130(C00E112R2P10T8)"
                },
                {
                  "status": "affected",
                  "version": "Versions earlier than 9.1.0.143(C636E5R1P5T8)"
                },
                {
                  "status": "affected",
                  "version": "Versions earlier than 9.1.0.120(C00E113R1P6T8)"
                },
                {
                  "status": "affected",
                  "version": "Versions earlier than 9.1.1.150(C00E150R1P150)"
                },
                {
                  "status": "affected",
                  "version": "Versions earlier than 9.1.0.226(C00E210R2P1)"
                },
                {
                  "status": "affected",
                  "version": "Versions earlier than 9.1.1.132(C00E131R6P1)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "There is a path traversal vulnerability in several Huawei smartphones. The system does not sufficiently validate certain pathnames from the application. An attacker could trick the user into installing, backing up and restoring a malicious application. Successful exploit could cause information disclosure."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Path Traversal",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-12-13T14:30:18.000Z",
            "orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
            "shortName": "huawei"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191204-03-smartphone-en"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@huawei.com",
              "ID": "CVE-2019-5251",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Honor V10;P30;Mate 20;Honor 9 Lite;Honor 9i;M6;P30 Pro;Honor 20s",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Versions earlier than 9.1.0.333(C00E333R2P1T8)"
                              },
                              {
                                "version_value": "Versions earlier than 9.1.0.226(C00E220R2P1)"
                              },
                              {
                                "version_value": "Versions earlier than 9.1.0.130(C00E115R2P8T8)"
                              },
                              {
                                "version_value": "Versions earlier than 9.1.0.139(C00E133R3P1)"
                              },
                              {
                                "version_value": "Versions earlier than 9.1.0.130(C00E112R2P10T8)"
                              },
                              {
                                "version_value": "Versions earlier than 9.1.0.143(C636E5R1P5T8)"
                              },
                              {
                                "version_value": "Versions earlier than 9.1.0.120(C00E113R1P6T8)"
                              },
                              {
                                "version_value": "Versions earlier than 9.1.1.150(C00E150R1P150)"
                              },
                              {
                                "version_value": "Versions earlier than 9.1.0.226(C00E210R2P1)"
                              },
                              {
                                "version_value": "Versions earlier than 9.1.1.132(C00E131R6P1)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "There is a path traversal vulnerability in several Huawei smartphones. The system does not sufficiently validate certain pathnames from the application. An attacker could trick the user into installing, backing up and restoring a malicious application. Successful exploit could cause information disclosure."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Path Traversal"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191204-03-smartphone-en",
                  "refsource": "MISC",
                  "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191204-03-smartphone-en"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
        "assignerShortName": "huawei",
        "cveId": "CVE-2019-5251",
        "datePublished": "2019-12-13T14:30:18.000Z",
        "dateReserved": "2019-01-04T00:00:00.000Z",
        "dateUpdated": "2024-08-04T19:47:56.813Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-2215 (GCVE-0-2019-2215)

    Vulnerability from nvd – Published: 2019-10-11 18:16 – Updated: 2025-10-21 23:45
    VLAI CISA KEVIntel
    Summary
    A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interaction is required to exploit this vulnerability, however exploitation does require either the installation of a malicious local application or a separate vulnerability in a network facing application.Product: AndroidAndroid ID: A-141720095
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Elevation of privilege
    • CWE-416 - Use After Free
    Assigner
    Impacted products
    Vendor Product Version
    n/a Android Affected: Kernel
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T18:42:50.933Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://source.android.com/security/bulletin/2019-10-01"
              },
              {
                "name": "20191018 CVE 2019-2215 Android Binder Use After Free",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2019/Oct/38"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/154911/Android-Binder-Use-After-Free.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191030-01-binder-en"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20191031-0005/"
              },
              {
                "name": "20191108 [slackware-security] Slackware 14.2 kernel (SSA:2019-311-01)",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "https://seclists.org/bugtraq/2019/Nov/11"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"
              },
              {
                "name": "USN-4186-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/4186-1/"
              },
              {
                "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/156495/Android-Binder-Use-After-Free.html"
              },
              {
                "name": "[debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2019-2215",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-07T13:04:20.328785Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2021-11-03",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-2215"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-416",
                    "description": "CWE-416 Use After Free",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:45:29.242Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-2215"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2021-11-03T00:00:00.000Z",
                "value": "CVE-2019-2215 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Android",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Kernel"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interaction is required to exploit this vulnerability, however exploitation does require either the installation of a malicious local application or a separate vulnerability in a network facing application.Product: AndroidAndroid ID: A-141720095"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Elevation of privilege",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-03-02T19:06:43.000Z",
            "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
            "shortName": "google_android"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://source.android.com/security/bulletin/2019-10-01"
            },
            {
              "name": "20191018 CVE 2019-2215 Android Binder Use After Free",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2019/Oct/38"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/154911/Android-Binder-Use-After-Free.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191030-01-binder-en"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20191031-0005/"
            },
            {
              "name": "20191108 [slackware-security] Slackware 14.2 kernel (SSA:2019-311-01)",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "https://seclists.org/bugtraq/2019/Nov/11"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"
            },
            {
              "name": "USN-4186-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/4186-1/"
            },
            {
              "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/156495/Android-Binder-Use-After-Free.html"
            },
            {
              "name": "[debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@android.com",
              "ID": "CVE-2019-2215",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Android",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Kernel"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interaction is required to exploit this vulnerability, however exploitation does require either the installation of a malicious local application or a separate vulnerability in a network facing application.Product: AndroidAndroid ID: A-141720095"
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Elevation of privilege"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://source.android.com/security/bulletin/2019-10-01",
                  "refsource": "CONFIRM",
                  "url": "https://source.android.com/security/bulletin/2019-10-01"
                },
                {
                  "name": "20191018 CVE 2019-2215 Android Binder Use After Free",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2019/Oct/38"
                },
                {
                  "name": "http://packetstormsecurity.com/files/154911/Android-Binder-Use-After-Free.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/154911/Android-Binder-Use-After-Free.html"
                },
                {
                  "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191030-01-binder-en",
                  "refsource": "CONFIRM",
                  "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191030-01-binder-en"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20191031-0005/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20191031-0005/"
                },
                {
                  "name": "20191108 [slackware-security] Slackware 14.2 kernel (SSA:2019-311-01)",
                  "refsource": "BUGTRAQ",
                  "url": "https://seclists.org/bugtraq/2019/Nov/11"
                },
                {
                  "name": "http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"
                },
                {
                  "name": "USN-4186-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/4186-1/"
                },
                {
                  "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
                },
                {
                  "name": "http://packetstormsecurity.com/files/156495/Android-Binder-Use-After-Free.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/156495/Android-Binder-Use-After-Free.html"
                },
                {
                  "name": "[debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
        "assignerShortName": "google_android",
        "cveId": "CVE-2019-2215",
        "datePublished": "2019-10-11T18:16:48.000Z",
        "dateReserved": "2018-12-10T00:00:00.000Z",
        "dateUpdated": "2025-10-21T23:45:29.242Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-5252 (GCVE-0-2019-5252)

    Vulnerability from cvelistv5 – Published: 2019-12-13 23:12 – Updated: 2024-08-04 19:47
    VLAI
    Summary
    There is an improper authentication vulnerability in Huawei smartphones (Y9, Honor 8X, Honor 9 Lite, Honor 9i, Y6 Pro). The applock does not perform a sufficient authentication in a rare condition. Successful exploit could allow the attacker to use the application locked by applock in an instant.
    Severity
    No CVSS data available.
    CWE
    • Improper Authentication
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Y9, Honor 8X, Honor 9 Lite, Honor 9i, Y6 Pro Affected: Versions earlier than 9.1.0.131(C432E6R1P5T8),Versions earlier than 9.1.0.139(C636E6R1P5T8),Versions earlier than 9.1.0.217(C00E15R3P2T8),Versions earlier than 9.1.0.237(C432E1R3P2T8),Versions earlier than 9.1.0.237(C636E2R4P1T8),Versions earlier than 9.1.0.124(C00E112R2P10T8),Versions earlier than 9.1.0.136(C636E5R1P5T8),Versions earlier than 9.1.0.115(C00E113R1P6T8),Versions earlier than 9.1.0.122(C636E4R1P4T8),Versions earlier than 9.1.0.248(C636E5R3P1)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:47:56.878Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191204-01-smartphone-en"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Y9, Honor 8X, Honor 9 Lite, Honor 9i, Y6 Pro",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions earlier than 9.1.0.131(C432E6R1P5T8),Versions earlier than 9.1.0.139(C636E6R1P5T8),Versions earlier than 9.1.0.217(C00E15R3P2T8),Versions earlier than 9.1.0.237(C432E1R3P2T8),Versions earlier than 9.1.0.237(C636E2R4P1T8),Versions earlier than 9.1.0.124(C00E112R2P10T8),Versions earlier than 9.1.0.136(C636E5R1P5T8),Versions earlier than 9.1.0.115(C00E113R1P6T8),Versions earlier than 9.1.0.122(C636E4R1P4T8),Versions earlier than 9.1.0.248(C636E5R3P1)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "There is an improper authentication vulnerability in Huawei smartphones (Y9, Honor 8X, Honor 9 Lite, Honor 9i, Y6 Pro). The applock does not perform a sufficient authentication in a rare condition. Successful exploit could allow the attacker to use the application locked by applock in an instant."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Improper Authentication",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-12-13T23:12:50.000Z",
            "orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
            "shortName": "huawei"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191204-01-smartphone-en"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@huawei.com",
              "ID": "CVE-2019-5252",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Y9, Honor 8X, Honor 9 Lite, Honor 9i, Y6 Pro",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Versions earlier than 9.1.0.131(C432E6R1P5T8),Versions earlier than 9.1.0.139(C636E6R1P5T8),Versions earlier than 9.1.0.217(C00E15R3P2T8),Versions earlier than 9.1.0.237(C432E1R3P2T8),Versions earlier than 9.1.0.237(C636E2R4P1T8),Versions earlier than 9.1.0.124(C00E112R2P10T8),Versions earlier than 9.1.0.136(C636E5R1P5T8),Versions earlier than 9.1.0.115(C00E113R1P6T8),Versions earlier than 9.1.0.122(C636E4R1P4T8),Versions earlier than 9.1.0.248(C636E5R3P1)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "There is an improper authentication vulnerability in Huawei smartphones (Y9, Honor 8X, Honor 9 Lite, Honor 9i, Y6 Pro). The applock does not perform a sufficient authentication in a rare condition. Successful exploit could allow the attacker to use the application locked by applock in an instant."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Improper Authentication"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191204-01-smartphone-en",
                  "refsource": "MISC",
                  "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191204-01-smartphone-en"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
        "assignerShortName": "huawei",
        "cveId": "CVE-2019-5252",
        "datePublished": "2019-12-13T23:12:50.000Z",
        "dateReserved": "2019-01-04T00:00:00.000Z",
        "dateUpdated": "2024-08-04T19:47:56.878Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-5264 (GCVE-0-2019-5264)

    Vulnerability from cvelistv5 – Published: 2019-12-13 23:00 – Updated: 2024-08-04 19:47
    VLAI
    Summary
    There is an information disclosure vulnerability in certain Huawei smartphones (Mate 10;Mate 10 Pro;Honor V10;Changxiang 7S;P-smart;Changxiang 8 Plus;Y9 2018;Honor 9 Lite;Honor 9i;Mate 9). The software does not properly handle certain information of applications locked by applock in a rare condition. Successful exploit could cause information disclosure.
    Severity
    No CVSS data available.
    CWE
    • Information Disclosure
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Mate 10;Mate 10 Pro;Honor V10;Changxiang 7S;P-smart;Changxiang 8 Plus;Y9 2018;Honor 9 Lite;Honor 9i;Mate 9 Affected: Versions earlier than 9.0.0.167(C00E85R2P20T8)
    Affected: Versions earlier than 9.0.0.159(C432E4R1P9T8)
    Affected: Versions earlier than 9.0.0.177(C185E2R1P12T8)
    Affected: Versions earlier than 9.0.0.159(C636E2R1P12T8)
    Affected: Versions earlier than 9.0.0.167(C00E87R2P15T8)
    Affected: Versions earlier than 9.0.0.159(C185E2R1P13T8)
    Affected: Versions earlier than 9.0.0.161(C432E4R1P11T8)
    Affected: Versions earlier than 9.0.0.159(C636E2R1P13T8)
    Affected: Versions earlier than 9.0.0.156(C00E156R2P14T8)
    Affected: Versions earlier than 9.0.0.159(C636E3R1P12T8)
    Affected: Versions earlier than 9.1.0.107(C00E107R2P8T8)
    Affected: Versions earlier than 9.1.0.119(C636E5R1P1T8)
    Affected: Versions earlier than 9.1.0.130(C432E8R1P5T8)
    Affected: Versions earlier than 9.1.0.111(C00E111R1P6T8)
    Affected: Versions earlier than 9.1.0.115(C432E5R1P1T8)
    Affected: Versions earlier than 9.1.0.120(C636E5R1P1T8)
    Affected: Versions earlier than 9.1.0.113(C00E111R2P10T8)
    Affected: Versions earlier than 9.1.0.118(C636E4R1P1T8)
    Affected: Versions earlier than 9.1.0.118(C185E4R1P4T8)
    Affected: Versions earlier than 9.1.0.121(C432E4R1P3T8)
    Affected: Versions earlier than 9.1.0.112(C00E112R1P6T8)
    Affected: Versions earlier 9.1.0.106(SP53C636E2R1P4T8)
    Affected: Versions earlier than 9.0.1.158(C432E6R1P8T8)
    Affected: Versions earlier than 9.0.1.159(C636E6R1P8T8)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:47:56.839Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191211-01-smartphone-en"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Mate 10;Mate 10 Pro;Honor V10;Changxiang 7S;P-smart;Changxiang 8 Plus;Y9 2018;Honor 9 Lite;Honor 9i;Mate 9",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions earlier than 9.0.0.167(C00E85R2P20T8)"
                },
                {
                  "status": "affected",
                  "version": "Versions earlier than 9.0.0.159(C432E4R1P9T8)"
                },
                {
                  "status": "affected",
                  "version": "Versions earlier than 9.0.0.177(C185E2R1P12T8)"
                },
                {
                  "status": "affected",
                  "version": "Versions earlier than 9.0.0.159(C636E2R1P12T8)"
                },
                {
                  "status": "affected",
                  "version": "Versions earlier than 9.0.0.167(C00E87R2P15T8)"
                },
                {
                  "status": "affected",
                  "version": "Versions earlier than 9.0.0.159(C185E2R1P13T8)"
                },
                {
                  "status": "affected",
                  "version": "Versions earlier than 9.0.0.161(C432E4R1P11T8)"
                },
                {
                  "status": "affected",
                  "version": "Versions earlier than 9.0.0.159(C636E2R1P13T8)"
                },
                {
                  "status": "affected",
                  "version": "Versions earlier than 9.0.0.156(C00E156R2P14T8)"
                },
                {
                  "status": "affected",
                  "version": "Versions earlier than 9.0.0.159(C636E3R1P12T8)"
                },
                {
                  "status": "affected",
                  "version": "Versions earlier than 9.1.0.107(C00E107R2P8T8)"
                },
                {
                  "status": "affected",
                  "version": "Versions earlier than 9.1.0.119(C636E5R1P1T8)"
                },
                {
                  "status": "affected",
                  "version": "Versions earlier than 9.1.0.130(C432E8R1P5T8)"
                },
                {
                  "status": "affected",
                  "version": "Versions earlier than 9.1.0.111(C00E111R1P6T8)"
                },
                {
                  "status": "affected",
                  "version": "Versions earlier than 9.1.0.115(C432E5R1P1T8)"
                },
                {
                  "status": "affected",
                  "version": "Versions earlier than 9.1.0.120(C636E5R1P1T8)"
                },
                {
                  "status": "affected",
                  "version": "Versions earlier than 9.1.0.113(C00E111R2P10T8)"
                },
                {
                  "status": "affected",
                  "version": "Versions earlier than 9.1.0.118(C636E4R1P1T8)"
                },
                {
                  "status": "affected",
                  "version": "Versions earlier than 9.1.0.118(C185E4R1P4T8)"
                },
                {
                  "status": "affected",
                  "version": "Versions earlier than 9.1.0.121(C432E4R1P3T8)"
                },
                {
                  "status": "affected",
                  "version": "Versions earlier than 9.1.0.112(C00E112R1P6T8)"
                },
                {
                  "status": "affected",
                  "version": "Versions earlier 9.1.0.106(SP53C636E2R1P4T8)"
                },
                {
                  "status": "affected",
                  "version": "Versions earlier than 9.0.1.158(C432E6R1P8T8)"
                },
                {
                  "status": "affected",
                  "version": "Versions earlier than 9.0.1.159(C636E6R1P8T8)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "There is an information disclosure vulnerability in certain Huawei smartphones (Mate 10;Mate 10 Pro;Honor V10;Changxiang 7S;P-smart;Changxiang 8 Plus;Y9 2018;Honor 9 Lite;Honor 9i;Mate 9). The software does not properly handle certain information of applications locked by applock in a rare condition. Successful exploit could cause information disclosure."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Information Disclosure",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-12-13T23:00:29.000Z",
            "orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
            "shortName": "huawei"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191211-01-smartphone-en"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@huawei.com",
              "ID": "CVE-2019-5264",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Mate 10;Mate 10 Pro;Honor V10;Changxiang 7S;P-smart;Changxiang 8 Plus;Y9 2018;Honor 9 Lite;Honor 9i;Mate 9",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Versions earlier than 9.0.0.167(C00E85R2P20T8)"
                              },
                              {
                                "version_value": "Versions earlier than 9.0.0.159(C432E4R1P9T8)"
                              },
                              {
                                "version_value": "Versions earlier than 9.0.0.177(C185E2R1P12T8)"
                              },
                              {
                                "version_value": "Versions earlier than 9.0.0.159(C636E2R1P12T8)"
                              },
                              {
                                "version_value": "Versions earlier than 9.0.0.167(C00E87R2P15T8)"
                              },
                              {
                                "version_value": "Versions earlier than 9.0.0.159(C185E2R1P13T8)"
                              },
                              {
                                "version_value": "Versions earlier than 9.0.0.161(C432E4R1P11T8)"
                              },
                              {
                                "version_value": "Versions earlier than 9.0.0.159(C636E2R1P13T8)"
                              },
                              {
                                "version_value": "Versions earlier than 9.0.0.156(C00E156R2P14T8)"
                              },
                              {
                                "version_value": "Versions earlier than 9.0.0.159(C432E4R1P9T8)"
                              },
                              {
                                "version_value": "Versions earlier than 9.0.0.159(C636E3R1P12T8)"
                              },
                              {
                                "version_value": "Versions earlier than 9.1.0.107(C00E107R2P8T8)"
                              },
                              {
                                "version_value": "Versions earlier than 9.1.0.119(C636E5R1P1T8)"
                              },
                              {
                                "version_value": "Versions earlier than 9.1.0.130(C432E8R1P5T8)"
                              },
                              {
                                "version_value": "Versions earlier than 9.1.0.111(C00E111R1P6T8)"
                              },
                              {
                                "version_value": "Versions earlier than 9.1.0.115(C432E5R1P1T8)"
                              },
                              {
                                "version_value": "Versions earlier than 9.1.0.120(C636E5R1P1T8)"
                              },
                              {
                                "version_value": "Versions earlier than 9.1.0.113(C00E111R2P10T8)"
                              },
                              {
                                "version_value": "Versions earlier than 9.1.0.118(C636E4R1P1T8)"
                              },
                              {
                                "version_value": "Versions earlier than 9.1.0.118(C185E4R1P4T8)"
                              },
                              {
                                "version_value": "Versions earlier than 9.1.0.121(C432E4R1P3T8)"
                              },
                              {
                                "version_value": "Versions earlier than 9.1.0.112(C00E112R1P6T8)"
                              },
                              {
                                "version_value": "Versions earlier 9.1.0.106(SP53C636E2R1P4T8)"
                              },
                              {
                                "version_value": "Versions earlier than 9.0.1.158(C432E6R1P8T8)"
                              },
                              {
                                "version_value": "Versions earlier than 9.0.1.159(C636E6R1P8T8)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "There is an information disclosure vulnerability in certain Huawei smartphones (Mate 10;Mate 10 Pro;Honor V10;Changxiang 7S;P-smart;Changxiang 8 Plus;Y9 2018;Honor 9 Lite;Honor 9i;Mate 9). The software does not properly handle certain information of applications locked by applock in a rare condition. Successful exploit could cause information disclosure."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Information Disclosure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191211-01-smartphone-en",
                  "refsource": "MISC",
                  "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191211-01-smartphone-en"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
        "assignerShortName": "huawei",
        "cveId": "CVE-2019-5264",
        "datePublished": "2019-12-13T23:00:29.000Z",
        "dateReserved": "2019-01-04T00:00:00.000Z",
        "dateUpdated": "2024-08-04T19:47:56.839Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-5251 (GCVE-0-2019-5251)

    Vulnerability from cvelistv5 – Published: 2019-12-13 14:30 – Updated: 2024-08-04 19:47
    VLAI
    Summary
    There is a path traversal vulnerability in several Huawei smartphones. The system does not sufficiently validate certain pathnames from the application. An attacker could trick the user into installing, backing up and restoring a malicious application. Successful exploit could cause information disclosure.
    Severity
    No CVSS data available.
    CWE
    • Path Traversal
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Honor V10;P30;Mate 20;Honor 9 Lite;Honor 9i;M6;P30 Pro;Honor 20s Affected: Versions earlier than 9.1.0.333(C00E333R2P1T8)
    Affected: Versions earlier than 9.1.0.226(C00E220R2P1)
    Affected: Versions earlier than 9.1.0.130(C00E115R2P8T8)
    Affected: Versions earlier than 9.1.0.139(C00E133R3P1)
    Affected: Versions earlier than 9.1.0.130(C00E112R2P10T8)
    Affected: Versions earlier than 9.1.0.143(C636E5R1P5T8)
    Affected: Versions earlier than 9.1.0.120(C00E113R1P6T8)
    Affected: Versions earlier than 9.1.1.150(C00E150R1P150)
    Affected: Versions earlier than 9.1.0.226(C00E210R2P1)
    Affected: Versions earlier than 9.1.1.132(C00E131R6P1)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:47:56.813Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191204-03-smartphone-en"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Honor V10;P30;Mate 20;Honor 9 Lite;Honor 9i;M6;P30 Pro;Honor 20s",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions earlier than 9.1.0.333(C00E333R2P1T8)"
                },
                {
                  "status": "affected",
                  "version": "Versions earlier than 9.1.0.226(C00E220R2P1)"
                },
                {
                  "status": "affected",
                  "version": "Versions earlier than 9.1.0.130(C00E115R2P8T8)"
                },
                {
                  "status": "affected",
                  "version": "Versions earlier than 9.1.0.139(C00E133R3P1)"
                },
                {
                  "status": "affected",
                  "version": "Versions earlier than 9.1.0.130(C00E112R2P10T8)"
                },
                {
                  "status": "affected",
                  "version": "Versions earlier than 9.1.0.143(C636E5R1P5T8)"
                },
                {
                  "status": "affected",
                  "version": "Versions earlier than 9.1.0.120(C00E113R1P6T8)"
                },
                {
                  "status": "affected",
                  "version": "Versions earlier than 9.1.1.150(C00E150R1P150)"
                },
                {
                  "status": "affected",
                  "version": "Versions earlier than 9.1.0.226(C00E210R2P1)"
                },
                {
                  "status": "affected",
                  "version": "Versions earlier than 9.1.1.132(C00E131R6P1)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "There is a path traversal vulnerability in several Huawei smartphones. The system does not sufficiently validate certain pathnames from the application. An attacker could trick the user into installing, backing up and restoring a malicious application. Successful exploit could cause information disclosure."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Path Traversal",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-12-13T14:30:18.000Z",
            "orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
            "shortName": "huawei"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191204-03-smartphone-en"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@huawei.com",
              "ID": "CVE-2019-5251",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Honor V10;P30;Mate 20;Honor 9 Lite;Honor 9i;M6;P30 Pro;Honor 20s",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Versions earlier than 9.1.0.333(C00E333R2P1T8)"
                              },
                              {
                                "version_value": "Versions earlier than 9.1.0.226(C00E220R2P1)"
                              },
                              {
                                "version_value": "Versions earlier than 9.1.0.130(C00E115R2P8T8)"
                              },
                              {
                                "version_value": "Versions earlier than 9.1.0.139(C00E133R3P1)"
                              },
                              {
                                "version_value": "Versions earlier than 9.1.0.130(C00E112R2P10T8)"
                              },
                              {
                                "version_value": "Versions earlier than 9.1.0.143(C636E5R1P5T8)"
                              },
                              {
                                "version_value": "Versions earlier than 9.1.0.120(C00E113R1P6T8)"
                              },
                              {
                                "version_value": "Versions earlier than 9.1.1.150(C00E150R1P150)"
                              },
                              {
                                "version_value": "Versions earlier than 9.1.0.226(C00E210R2P1)"
                              },
                              {
                                "version_value": "Versions earlier than 9.1.1.132(C00E131R6P1)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "There is a path traversal vulnerability in several Huawei smartphones. The system does not sufficiently validate certain pathnames from the application. An attacker could trick the user into installing, backing up and restoring a malicious application. Successful exploit could cause information disclosure."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Path Traversal"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191204-03-smartphone-en",
                  "refsource": "MISC",
                  "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191204-03-smartphone-en"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
        "assignerShortName": "huawei",
        "cveId": "CVE-2019-5251",
        "datePublished": "2019-12-13T14:30:18.000Z",
        "dateReserved": "2019-01-04T00:00:00.000Z",
        "dateUpdated": "2024-08-04T19:47:56.813Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-2215 (GCVE-0-2019-2215)

    Vulnerability from cvelistv5 – Published: 2019-10-11 18:16 – Updated: 2025-10-21 23:45
    VLAI CISA KEVIntel
    Summary
    A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interaction is required to exploit this vulnerability, however exploitation does require either the installation of a malicious local application or a separate vulnerability in a network facing application.Product: AndroidAndroid ID: A-141720095
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Elevation of privilege
    • CWE-416 - Use After Free
    Assigner
    Impacted products
    Vendor Product Version
    n/a Android Affected: Kernel
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T18:42:50.933Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://source.android.com/security/bulletin/2019-10-01"
              },
              {
                "name": "20191018 CVE 2019-2215 Android Binder Use After Free",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2019/Oct/38"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/154911/Android-Binder-Use-After-Free.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191030-01-binder-en"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20191031-0005/"
              },
              {
                "name": "20191108 [slackware-security] Slackware 14.2 kernel (SSA:2019-311-01)",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "https://seclists.org/bugtraq/2019/Nov/11"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"
              },
              {
                "name": "USN-4186-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/4186-1/"
              },
              {
                "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/156495/Android-Binder-Use-After-Free.html"
              },
              {
                "name": "[debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2019-2215",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-07T13:04:20.328785Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2021-11-03",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-2215"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-416",
                    "description": "CWE-416 Use After Free",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:45:29.242Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-2215"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2021-11-03T00:00:00.000Z",
                "value": "CVE-2019-2215 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Android",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Kernel"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interaction is required to exploit this vulnerability, however exploitation does require either the installation of a malicious local application or a separate vulnerability in a network facing application.Product: AndroidAndroid ID: A-141720095"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Elevation of privilege",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-03-02T19:06:43.000Z",
            "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
            "shortName": "google_android"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://source.android.com/security/bulletin/2019-10-01"
            },
            {
              "name": "20191018 CVE 2019-2215 Android Binder Use After Free",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2019/Oct/38"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/154911/Android-Binder-Use-After-Free.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191030-01-binder-en"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20191031-0005/"
            },
            {
              "name": "20191108 [slackware-security] Slackware 14.2 kernel (SSA:2019-311-01)",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "https://seclists.org/bugtraq/2019/Nov/11"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"
            },
            {
              "name": "USN-4186-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/4186-1/"
            },
            {
              "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/156495/Android-Binder-Use-After-Free.html"
            },
            {
              "name": "[debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@android.com",
              "ID": "CVE-2019-2215",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Android",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Kernel"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interaction is required to exploit this vulnerability, however exploitation does require either the installation of a malicious local application or a separate vulnerability in a network facing application.Product: AndroidAndroid ID: A-141720095"
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Elevation of privilege"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://source.android.com/security/bulletin/2019-10-01",
                  "refsource": "CONFIRM",
                  "url": "https://source.android.com/security/bulletin/2019-10-01"
                },
                {
                  "name": "20191018 CVE 2019-2215 Android Binder Use After Free",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2019/Oct/38"
                },
                {
                  "name": "http://packetstormsecurity.com/files/154911/Android-Binder-Use-After-Free.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/154911/Android-Binder-Use-After-Free.html"
                },
                {
                  "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191030-01-binder-en",
                  "refsource": "CONFIRM",
                  "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191030-01-binder-en"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20191031-0005/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20191031-0005/"
                },
                {
                  "name": "20191108 [slackware-security] Slackware 14.2 kernel (SSA:2019-311-01)",
                  "refsource": "BUGTRAQ",
                  "url": "https://seclists.org/bugtraq/2019/Nov/11"
                },
                {
                  "name": "http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"
                },
                {
                  "name": "USN-4186-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/4186-1/"
                },
                {
                  "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
                },
                {
                  "name": "http://packetstormsecurity.com/files/156495/Android-Binder-Use-After-Free.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/156495/Android-Binder-Use-After-Free.html"
                },
                {
                  "name": "[debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
        "assignerShortName": "google_android",
        "cveId": "CVE-2019-2215",
        "datePublished": "2019-10-11T18:16:48.000Z",
        "dateReserved": "2018-12-10T00:00:00.000Z",
        "dateUpdated": "2025-10-21T23:45:29.242Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }