
Vulnerability of Linux kernel: use after free via binder_alloc_free_page

Summary of the vulnerability

An attacker can force the usage of a freed memory area via binder_alloc_free_page() of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Impacted software: Debian, Android OS, Linux, Ubuntu.
Severity of this computer vulnerability: 2/4.
Creation date: 12/08/2019.
References for this bulletin: CERTFR-2019-AVI-381, CVE-2019-1999, DSA-4495-1, PROJ-ZERO-1721, USN-3979-1, VIGILANCE-VUL-30004.

Description of the vulnerability 

An attacker can force the usage of a freed memory area via binder_alloc_free_page() of the Linux kernel, in order to trigger a denial of service, and possibly to run code.

This cybersecurity weakness impacts software or systems such as Debian, Android OS, Linux, Ubuntu.

Our Vigil@nce team determined that the severity of this security vulnerability is medium.

The trust level is "confirmed by the editor", with a document as its origin.

A proof of concept or an attack tool is available, so your teams have to process this alert. An attacker with technician-level ability can exploit this vulnerability.

Solutions for this threat 

Linux kernel: version 4.19.49.
Version 4.19.49 is fixed:
  https://cdn.kernel.org/pub/linux/kernel/v4.x/

Linux kernel: version 4.14.124.
Version 4.14.124 is fixed:
  https://cdn.kernel.org/pub/linux/kernel/v4.x/

Linux kernel: patch for binder_alloc_free_page.
A patch is indicated in information sources.

Debian 10: new linux packages.
New packages are available:
  Debian 10: linux 4.19.37-5+deb10u2

Google Android/Pixel: patch for February 2019.
A patch is indicated in information sources.

Ubuntu 19.04: new linux-image-5.0.0 packages.
New packages are available:
  Ubuntu 19.04: linux-image-generic 5.0.0.15.16
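
A version check against the two fixed upstream releases listed above (4.14.124 and 4.19.49), as an added example that is not part of the bulletin; `FIXED_UPSTREAM` and `check_release` are hypothetical names. It compares patch levels numerically within a branch and reports branches the bulletin does not list as unknown. Debian and Ubuntu kernels carry backported fixes, so on those systems a `below-upstream-fix` result means the package versions above must be checked instead.

```shell
#!/bin/sh
# Added example: compare a kernel release string with the fixed upstream
# stable versions named in this bulletin. Names here are hypothetical.

# "branch:first fixed patch level" for 4.14.124 and 4.19.49 (from the bulletin).
FIXED_UPSTREAM="4.14:124 4.19:49"

# check_release RELEASE
# Prints one of:
#   fixed               at or above the fixed version of its branch
#   below-upstream-fix  older than the fixed version of its branch
#                       (distribution kernels may still carry a backport)
#   unknown-branch      branch not listed in the bulletin, or unparseable
check_release() {
    core=${1%%[!0-9.]*}              # "4.19.0-5-amd64" -> "4.19.0"
    old_ifs=$IFS; IFS=.
    set -- $core                     # split on dots into $1 $2 $3
    IFS=$old_ifs
    major=$1; minor=$2; patch=${3:-0}
    if [ -z "$major" ] || [ -z "$minor" ]; then
        echo unknown-branch; return 0
    fi
    for entry in $FIXED_UPSTREAM; do
        if [ "${entry%%:*}" = "$major.$minor" ]; then
            # Numeric comparison: 4.14.9 is older than 4.14.124.
            if [ "$patch" -ge "${entry##*:}" ]; then
                echo fixed
            else
                echo below-upstream-fix
            fi
            return 0
        fi
    done
    echo unknown-branch
}

# Constructed sample inputs; on a real host pass "$(uname -r)" instead.
for sample in 4.19.49 4.19.48 4.14.9 4.14.124-rt1 4.19.0-5-amd64 5.0.0-15-generic; do
    printf '%-20s %s\n' "$sample" "$(check_release "$sample")"
done
```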
