Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2019-2215 PoC — Android 资源管理错误漏洞

Source
https://github.com/mutur4/CVE-2019-2215
Associated Vulnerability
Title:Android 资源管理错误漏洞 (CVE-2019-2215)
Description:A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interaction is required to exploit this vulnerability, however exploitation does require either the installation of a malicious local application or a separate vulnerability in a network facing application.Product: AndroidAndroid ID: A-141720095
Description
This is a bad-binder exploit affecting the android binder IPC system that was used in the wild discovered by P0
Readme
### Bad-Binder (CVE-2019-2215)
The following is the exploit for the **bad binder** *(CVE-2019-2215)* vulnz that was tested on an x86 Emulator. The aim was to abuse the UAF vulnerability to trigger an AAR primitive to leak kernel addresses and use an AAW primitive to overwrite `addr_limit` leading to a Kernel Read and Write primitive allowing us to modify the `cred_struct` for Local-Priviledge-Escalation `(LPE)`.

### Credits
- https://googleprojectzero.blogspot.com/2019/11/bad-binder-android-in-wild-exploit.html
- https://cloudfuzz.github.io/android-kernel-exploitation/chapters/exploitation.html#exploit-in-action
File Snapshot

 [4.0K]  /data/pocs/b6c768a6ef4ea6572be726b34ee707a2ce59a5d6
├── [9.9K]  exploit.c
└── [ 621]  README.md

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →