← back
CVE-2019-2215

CVE-2019-2215

CVSS 7.8 HIGHEPSS 72.1%● KEVCWE-416
In short

A flaw in Android's binder system allows an app to access memory that was already freed, potentially letting it take control of the kernel. An attacker would need to install a malicious app or exploit another vulnerability to trigger this.

Technical detail

Use-after-free vulnerability in binder.c enables privilege escalation from application context to kernel level via memory corruption. Exploitation requires local code execution (malicious app installation or network-facing app vulnerability) but no user interaction; impact includes full kernel compromise and device takeover.

Summary generated and translated by AI from the official description.
A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interaction is required to exploit this vulnerability, however exploitation does require either the installation of a malicious local application or a separate vulnerability in a network facing application.Product: AndroidAndroid ID: A-141720095
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · Android
public PoCs found32
githubgithub.com/kangtastic/cve-2019-2215134githubgithub.com/timwr/CVE-2019-221577githubgithub.com/sharif-dev/AndroidKernelVulnerability70githubgithub.com/0xbinder/android-kernel-exploitation-lab44githubgithub.com/DimitriFourny/cve-2019-221540githubgithub.com/LIznzn/CVE-2019-221526githubgithub.com/stevejubx/CVE-2019-221516githubgithub.com/c3r34lk1ll3r/CVE-2019-221514githubgithub.com/R0rt1z2/huawei-unlock11githubgithub.com/qre0ct/android-kernel-exploitation-ashfaq-CVE-2019-22157githubgithub.com/willboka/CVE-2019-2215-HuaweiP20Lite5githubgithub.com/mutur4/CVE-2019-22155githubgithub.com/llccd/TempRoot-Huawei4githubgithub.com/i-redbyte/android-badbinder-demo4githubgithub.com/Byte-Master-101/CVE-2019-22153githubgithub.com/ATorNinja/CVE-2019-22153githubgithub.com/Enceka/cve-2019-2215-3.183githubgithub.com/mufidmb38/CVE-2019-22153githubgithub.com/wired0ut/CVE-2019-22152githubgithub.com/CrackerCat/Rootsmart-v2.02githubgithub.com/elbiazo/CVE-2019-22152githubgithub.com/mouseos/cve-2019-2215_SH-M082githubgithub.com/nicchongwb/Rootsmart-v2.01githubgithub.com/mythicaltree/CVE-2019-22150githubgithub.com/XiaozaYa/CVE-2019-22150githubgithub.com/raymontag/CVE-2019-22150githubgithub.com/codecat007/CVE-2019-22150cve_referencepacketstormsecurity.com/files/156495/Android-Binder-Use-After-Free.htmlunverifiedexploitdbwww.exploit-db.com/exploits/47463unverifiedexploitdbwww.exploit-db.com/exploits/48129unverifiedcve_referencepacketstormsecurity.com/files/154911/Android-Binder-Use-After-Free.htmlunverifiedcve_referencepacketstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.htmlunverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://packetstormsecurity.com/files/154911/Android-Binder-Use-After-Free.htmlhttp://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.htmlhttp://packetstormsecurity.com/files/156495/Android-Binder-Use-After-Free.htmlhttp://seclists.org/fulldisclosure/2019/Oct/38https://lists.debian.org/debian-lts-announce/2020/01/msg00013.htmlhttps://lists.debian.org/debian-lts-announce/2020/03/msg00001.htmlhttps://seclists.org/bugtraq/2019/Nov/11https://security.netapp.com/advisory/ntap-20191031-0005/https://source.android.com/security/bulletin/2019-10-01https://usn.ubuntu.com/4186-1/https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-2215http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191030-01-binder-en