Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2019-2215 PoC — Android 资源管理错误漏洞

Source
https://github.com/XiaozaYa/CVE-2019-2215
Associated Vulnerability
Title:Android 资源管理错误漏洞 (CVE-2019-2215)
Description:A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interaction is required to exploit this vulnerability, however exploitation does require either the installation of a malicious local application or a separate vulnerability in a network facing application.Product: AndroidAndroid ID: A-141720095
Description
Andriod binder bug record
Readme
# CVE-2019-2215
Andriod binder bug record.Just only test on emulator (:
- `ubuntu 22.04 | 4G | 4 cpus`  
- `andriod studio [Pixel2 | Andriod 10.0(Q)--Google Play Intel x86 Atom 64 System Image | API-29]`  
- `ndk 21.0.6113669`  
- `origin/android-goldfish-4.14-dev | [kernel version is 4.14.175]`

# some important config options
```
CONFIG_SLAB_FREELIST_RANDOM is not set  
CONFIG_SLAB_FREELIST_HARDENED is not set  
CONFIG_SLUB_DEBUG=y  
CONFIG_SLUB=y  
CONFIG_SLUB_CPU_PARTIAL=y
```
# Reference
https://cloudfuzz.github.io/android-kernel-exploitation/
File Snapshot

 [4.0K]  /data/pocs/d562c6e0ea5827c9e1528e8ecdbaf7916a0fdd7c
├── [105K]  config
├── [1.9K]  cve-2019-2215.patch
├── [7.2K]  exploit.c
├── [  90]  install.sh
├── [ 555]  README.md
└── [ 60K]  root.png

0 directories, 6 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →