UBUNTU-CVE-2019-1999
- Source
- https://ubuntu.com/security/CVE-2019-1999
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-1999.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2019-1999
- Upstream
- Related
- Published
- 2019-02-28T00:00:00Z
- Modified
- 2025-07-18T16:44:55Z
- Severity
-
- 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Ubuntu - medium
- Summary
- [none]
- Details
-
In binderallocfreepage of binderalloc.c, there is a possible double free due to improper locking. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-120025196.
- References
-
- https://ubuntu.com/security/CVE-2019-1999
- https://source.android.com/security/bulletin/2019-02-01
- https://www.exploit-db.com/exploits/46357/
- https://lore.kernel.org/lkml/20190301230606.8302-1-tkjos@google.com/
- https://ubuntu.com/security/notices/USN-3979-1
- https://www.cve.org/CVERecord?id=CVE-2019-1999
Affected packages
Ubuntu:Pro:FIPS:16.04:LTS / linux-fips
Package
- Name
- linux-fips
- Purl
- pkg:deb/ubuntu/linux-fips@4.4.0-1115.122?arch=source&distro=fips-updates/xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
4.*
4.4.0-1003.3
4.4.0-1005.5
4.4.0-1006.6
4.4.0-1008.10
4.4.0-1010.13
4.4.0-1011.14
4.4.0-1012.16
4.4.0-1013.17
4.4.0-1015.20
4.4.0-1017.22
4.4.0-1019.24
4.4.0-1021.26
4.4.0-1022.27
4.4.0-1023.28
4.4.0-1025.30
4.4.0-1026.31
4.4.0-1027.32
4.4.0-1028.33
4.4.0-1029.34
4.4.0-1031.36
4.4.0-1032.37
4.4.0-1033.38
4.4.0-1034.39
4.4.0-1041.46
4.4.0-1042.47
4.4.0-1043.48
4.4.0-1044.49
4.4.0-1045.50
4.4.0-1046.51
4.4.0-1048.53
4.4.0-1049.55
4.4.0-1051.57
4.4.0-1052.58
4.4.0-1054.60
4.4.0-1055.61
4.4.0-1056.62
4.4.0-1057.63
4.4.0-1058.64
4.4.0-1060.66
4.4.0-1061.67
4.4.0-1062.68
4.4.0-1063.69
4.4.0-1064.70
4.4.0-1065.71
4.4.0-1066.72
4.4.0-1067.73
4.4.0-1068.74
4.4.0-1069.75
4.4.0-1071.77
4.4.0-1072.78
4.4.0-1073.79
4.4.0-1074.80
4.4.0-1077.84
4.4.0-1079.86
4.4.0-1080.87
4.4.0-1081.88
4.4.0-1082.89
4.4.0-1083.90
4.4.0-1084.91
4.4.0-1085.92
4.4.0-1086.93
4.4.0-1088.95
4.4.0-1089.96
4.4.0-1090.97
4.4.0-1091.98
4.4.0-1092.99
4.4.0-1093.100
4.4.0-1094.101
4.4.0-1095.102
4.4.0-1097.104
4.4.0-1099.106
4.4.0-1100.107
4.4.0-1101.108
4.4.0-1102.109
4.4.0-1103.110
4.4.0-1104.111
4.4.0-1105.112
4.4.0-1106.113
4.4.0-1107.114
4.4.0-1108.115
4.4.0-1109.116
4.4.0-1110.117
4.4.0-1111.118
4.4.0-1112.119
4.4.0-1113.120
4.4.0-1114.121
4.4.0-1115.122
Ubuntu:Pro:FIPS:16.04:LTS / linux-fips
Package
- Name
- linux-fips
- Purl
- pkg:deb/ubuntu/linux-fips@4.4.0-1002.2?arch=source&distro=fips/xenial
Ubuntu:Pro:FIPS-updates:18.04:LTS / linux-aws-fips
Package
- Name
- linux-aws-fips
- Purl
- pkg:deb/ubuntu/linux-aws-fips@4.15.0-2018.18?arch=source&distro=fips-updates/bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed4.15.0-2018.18
Ecosystem specific
{
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "linux-aws-fips-headers-4.15.0-2018",
"binary_version": "4.15.0-2018.18"
},
{
"binary_name": "linux-aws-fips-tools-4.15.0-2018",
"binary_version": "4.15.0-2018.18"
},
{
"binary_name": "linux-buildinfo-4.15.0-2018-aws-fips",
"binary_version": "4.15.0-2018.18"
},
{
"binary_name": "linux-headers-4.15.0-2018-aws-fips",
"binary_version": "4.15.0-2018.18"
},
{
"binary_name": "linux-image-unsigned-4.15.0-2018-aws-fips",
"binary_version": "4.15.0-2018.18"
},
{
"binary_name": "linux-image-unsigned-4.15.0-2018-aws-fips-dbgsym",
"binary_version": "4.15.0-2018.18"
},
{
"binary_name": "linux-image-unsigned-hmac-4.15.0-2018-aws-fips",
"binary_version": "4.15.0-2018.18"
},
{
"binary_name": "linux-modules-4.15.0-2018-aws-fips",
"binary_version": "4.15.0-2018.18"
},
{
"binary_name": "linux-modules-extra-4.15.0-2018-aws-fips",
"binary_version": "4.15.0-2018.18"
},
{
"binary_name": "linux-tools-4.15.0-2018-aws-fips",
"binary_version": "4.15.0-2018.18"
}
]
}
Ubuntu:Pro:FIPS-updates:18.04:LTS / linux-azure-fips
Package
- Name
- linux-azure-fips
- Purl
- pkg:deb/ubuntu/linux-azure-fips@4.15.0-2006.7?arch=source&distro=fips-updates/bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed4.15.0-2006.7
Ecosystem specific
{
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "linux-azure-fips-cloud-tools-4.15.0-2006",
"binary_version": "4.15.0-2006.7"
},
{
"binary_name": "linux-azure-fips-headers-4.15.0-2006",
"binary_version": "4.15.0-2006.7"
},
{
"binary_name": "linux-azure-fips-tools-4.15.0-2006",
"binary_version": "4.15.0-2006.7"
},
{
"binary_name": "linux-buildinfo-4.15.0-2006-azure-fips",
"binary_version": "4.15.0-2006.7"
},
{
"binary_name": "linux-cloud-tools-4.15.0-2006-azure-fips",
"binary_version": "4.15.0-2006.7"
},
{
"binary_name": "linux-headers-4.15.0-2006-azure-fips",
"binary_version": "4.15.0-2006.7"
},
{
"binary_name": "linux-image-unsigned-4.15.0-2006-azure-fips",
"binary_version": "4.15.0-2006.7"
},
{
"binary_name": "linux-image-unsigned-4.15.0-2006-azure-fips-dbgsym",
"binary_version": "4.15.0-2006.7"
},
{
"binary_name": "linux-image-unsigned-hmac-4.15.0-2006-azure-fips",
"binary_version": "4.15.0-2006.7"
},
{
"binary_name": "linux-modules-4.15.0-2006-azure-fips",
"binary_version": "4.15.0-2006.7"
},
{
"binary_name": "linux-modules-extra-4.15.0-2006-azure-fips",
"binary_version": "4.15.0-2006.7"
},
{
"binary_name": "linux-tools-4.15.0-2006-azure-fips",
"binary_version": "4.15.0-2006.7"
}
]
}
Ubuntu:Pro:FIPS:18.04:LTS / linux-aws-fips
Package
- Name
- linux-aws-fips
- Purl
- pkg:deb/ubuntu/linux-aws-fips@4.15.0-2000.4?arch=source&distro=fips/bionic
Ubuntu:Pro:FIPS:18.04:LTS / linux-azure-fips
Package
- Name
- linux-azure-fips
- Purl
- pkg:deb/ubuntu/linux-azure-fips@4.15.0-1002.2?arch=source&distro=fips/bionic
Ubuntu:Pro:FIPS:18.04:LTS / linux-gcp-fips
Package
- Name
- linux-gcp-fips
- Purl
- pkg:deb/ubuntu/linux-gcp-fips@4.15.0-1001.1?arch=source&distro=fips/bionic
Ubuntu:Pro:20.04:LTS / linux-azure-fde
Package
- Name
- linux-azure-fde
- Purl
- pkg:deb/ubuntu/linux-azure-fde@5.4.0-1103.109+cvm1.1?arch=source&distro=esm-infra/focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
5.*
5.4.0-1063.66+cvm2.2
5.4.0-1063.66+cvm3.2
5.4.0-1064.67+cvm1.1
5.4.0-1065.68+cvm2.1
5.4.0-1067.70+cvm1.1
5.4.0-1068.71+cvm1.1
5.4.0-1069.72+cvm1.1
5.4.0-1070.73+cvm1.1
5.4.0-1072.75+cvm1.1
5.4.0-1073.76+cvm1.1
5.4.0-1074.77+cvm1.1
5.4.0-1076.79+cvm1.1
5.4.0-1078.81+cvm1.1
5.4.0-1080.83+cvm1.1
5.4.0-1083.87+cvm1.1
5.4.0-1085.90+cvm1.1
5.4.0-1085.90+cvm2.1
5.4.0-1086.91+cvm1.1
5.4.0-1089.94+cvm1.2
5.4.0-1090.95+cvm1.1
5.4.0-1091.96+cvm1.1
5.4.0-1092.97+cvm1.1
5.4.0-1095.101+cvm1.1
5.4.0-1098.104+cvm1.1
5.4.0-1100.106+cvm1.1
5.4.0-1103.109+cvm1.1
Ubuntu:Pro:20.04:LTS / linux-gke
Package
- Name
- linux-gke
- Purl
- pkg:deb/ubuntu/linux-gke@5.4.0-1105.112?arch=source&distro=esm-infra/focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
5.*
5.4.0-1033.35
5.4.0-1035.37
5.4.0-1036.38
5.4.0-1037.39
5.4.0-1039.41
5.4.0-1041.43
5.4.0-1042.44
5.4.0-1043.45
5.4.0-1044.46
5.4.0-1046.48
5.4.0-1049.52
5.4.0-1051.54
5.4.0-1052.55
5.4.0-1053.56
5.4.0-1054.57
5.4.0-1055.58
5.4.0-1056.59
5.4.0-1057.60
5.4.0-1059.62
5.4.0-1061.64
5.4.0-1062.65
5.4.0-1063.66
5.4.0-1065.68
5.4.0-1066.69
5.4.0-1067.70
5.4.0-1068.71
5.4.0-1071.76
5.4.0-1072.77
5.4.0-1074.79
5.4.0-1076.82
5.4.0-1078.84
5.4.0-1080.86
5.4.0-1081.87
5.4.0-1083.89
5.4.0-1084.90
5.4.0-1086.93
5.4.0-1087.94
5.4.0-1090.97
5.4.0-1091.98
5.4.0-1094.101
5.4.0-1095.102
5.4.0-1096.103
5.4.0-1097.104
5.4.0-1098.105
5.4.0-1099.106
5.4.0-1100.107
5.4.0-1101.108
5.4.0-1102.109
5.4.0-1103.110
5.4.0-1104.111
5.4.0-1105.112
Ubuntu:Pro:20.04:LTS / linux-raspi2
Package
- Name
- linux-raspi2
- Purl
- pkg:deb/ubuntu/linux-raspi2@5.4.0-1006.6?arch=source&distro=esm-infra/focal
Ubuntu:Pro:20.04:LTS / linux-riscv
Package
- Name
- linux-riscv
- Purl
- pkg:deb/ubuntu/linux-riscv@5.4.0-40.45?arch=source&distro=esm-infra/focal
Ubuntu:22.04:LTS / linux-intel-iot-realtime
Package
- Name
- linux-intel-iot-realtime
- Purl
- pkg:deb/ubuntu/linux-intel-iot-realtime@5.15.0-1073.75?arch=source&distro=jammy
Ubuntu:22.04:LTS / linux-realtime
Package
- Name
- linux-realtime
- Purl
- pkg:deb/ubuntu/linux-realtime@5.15.0-1032.35?arch=source&distro=jammy
Ubuntu:22.04:LTS / linux-riscv
Package
- Name
- linux-riscv
- Purl
- pkg:deb/ubuntu/linux-riscv@5.15.0-1028.32?arch=source&distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
5.*
5.13.0-1004.4
5.13.0-1006.6+22.04.1
5.13.0-1007.7+22.04.1
5.13.0-1010.11+22.04.1
5.15.0-1004.4
5.15.0-1005.5
5.15.0-1006.6
5.15.0-1007.7
5.15.0-1008.8
5.15.0-1011.12
5.15.0-1012.13
5.15.0-1014.16
5.15.0-1015.17
5.15.0-1016.18
5.15.0-1017.19
5.15.0-1018.21
5.15.0-1019.22
5.15.0-1020.23
5.15.0-1022.26
5.15.0-1023.27
5.15.0-1026.30
5.15.0-1027.31
5.15.0-1028.32