4.6
CVSSv2

CVE-2019-2215

Published: 11/10/2019 Updated: 18/10/2019
CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Google Android could allow a local authenticated malicious user to gain elevated privileges on the system, caused by a use-after-free in the binder driver at /drivers/android/binder.c. By executing a specially-crafted application, an attacker could exploit this vulnerability to gain elevated privileges.

Affected Products

Vendor | Product | Versions
Google | Android | -

Vendor Advisories

Several security issues were fixed in the Linux kernel ...
There is a use-after-free vulnerability in binder.c of Android kernel. Successful exploitation may cause the attacker to elevate the privilege. (Vulnerability ID: HWPSIRT-2019-10100) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2019-2215. Huawei has released software updates to fix this vulnerability. Th ...
Several security issues were fixed in the Linux kernel ...

Exploits

The following issue exists in the android-msm-wahoo-4.4-pie branch of android.googlesource.com/kernel/msm (and possibly others): There is a use-after-free of the wait member in the binder_thread struct in the binder driver at /drivers/android/binder.c. As described in the upstream commit: “binder_poll() passes the thread->wait wait ...
## # This module requires Metasploit: metasploit.com/download # Current source: github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Local Rank = ExcellentRanking include Msf::Post::File include Msf::Post::Common include Msf::Exploit::EXE include Msf::Exploit::FileDropper def initialize( ...

Mailing Lists

Android Binder use-after-free exploit ...
These are notes on further exploitation of the Android Binder use-after-free vulnerability as noted in CVE-2019-2215 and leveraged against Kernel 3.4.x and 3.18.x on Samsung Devices using Samsung Android and LineageOS ...
Hi list, Some of my notes on exploitation of CVE 2019-2215 Android Binder Use After Free on Kernel 3.4.x and 3.18.x on Samsung Devices using Samsung Android and LineageOS: github.com/marcinguy/CVE-2019-2215/ Feel free to update/post if you have managed to get it working on different devices/kernels. Thanks, ...
[slackware-security] Slackware 14.2 kernel (SSA:2019-311-01) New kernel packages are available for Slackware 14.2 to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/linux-4.4.199/*: Upgraded. These updates fix various bug ...

Github Repositories

README.md: Device Details for SHARP SH8996 (SHV34/506SH/AQUOS P1) (AL40/PA32/P1X)
Basic Spec
CPU: 2 x Kryo 2.2Ghz + 2 x Kryo-LP 1.6Ghz
Chipset: Qualcomm Snapdragon 820 (MSM8996)
GPU: Adreno 530
ROM: 32GB
RAM: 3GB
Android: 6.0.1->7.0->8.0.0
Kernel: 3.18.20->3.18.31->3.18.71
Battery: 3000mAh
Display: 1920x1080 pixels, 5.3 inches, IGZO
Rear Camera: 22.60MP
Front Camera: 5MP
Carrier: Japan-au/SoftBank China-Open
Way to write own built recovery image: Via Exp
In S5290 version, bootloader can be unlocked by modifying the devinfo partition's flag, but this device doesn't have any fastboot and qdloader, so you must use exp (such as dirtycow, CVE-2019-2215 and so on) to write your own built recovery image.

Triggering and Analyzing Android Kernel Vulnerability CVE-2019-2215

Collection of commonly used penetration-testing PoCs

python-poc

Android Security Resources.

Recent Articles

A Brisk Private Trade in Zero-Days Widens Their Use
Threatpost • Tara Seals • 06 Apr 2020

There were more zero-days exploited in 2019 than any of the previous three years, according to telemetry from FireEye Mandiant. The firm said that’s likely due to more zero-days coming up for sale by cyber-weapons dealers like NSO Group; a growing commercial market has made such tools much more widely available.
While the identification and exploitation of zero-day vulnerabilities has historically been a calling card for only the most sophisticated cybercriminals, a wider range of threat...

Here we go again: Software nasties slip into Google Play, exploit make-me-root Android flaw for maximum pwnage
The Register • Shaun Nichols in San Francisco • 07 Jan 2020

Apps spotted abusing use-after-free() bug seven months before patch

At least three malicious apps with device-hijacking exploits have made it onto the Google Play Store in recent weeks.
This is according to eggheads at Trend Micro, who found that the since-removed applications were all abusing a use-after-free() flaw in the operating system to elevate their privileges, and pull down and run further malware from a command-and-control server. The malicious apps were Camero, FileCrypt, and callCam, so check if you still have them installed.
"The three m...

T-Mobile US hacked, Monero wallet app infected, public info records on 1.2bn people leak from database...
The Register • Shaun Nichols in San Francisco • 23 Nov 2019

...OnePlus also compromised, and much more

Roundup Time for another roundup of all the security news that's fit to print and that we haven't covered yet.
T-Mobile US prepaid account holders got some unwelcome news this week when their wireless carrier admitted on Friday it was compromised by miscreants who would have been able to ogle customers' personal information.
Exposed details include name, billing address, account number, and mobile plan types. T-Mobile notes that, at least, no bank card info was exposed.
"Our cy...

Google October Android Security Update Fixes Critical RCE Flaws
Threatpost • Lindsey O'Donnell • 08 Oct 2019

UPDATE
Google has released fixes for three critical-severity vulnerabilities in the Media framework of its Android operating system, which if exploited could allow a remote attacker to execute code.
The remote code execution (RCE) flaws are part of Google’s October 2019 Android Security Bulletin, which deployed fixes for high and critical-severity vulnerabilities tied to nine CVEs overall. Qualcomm, whose chips are used in Android devices, also patched 18 high and critical-severity...

Google Warns of Android Zero-Day Bug Under Active Attack
Threatpost • Tom Spring • 04 Oct 2019

Google is warning of an Android zero-day flaw actively being exploited in the wild, which gives an attacker full control over 18 phone models including its flagship Pixel handset and devices made by Samsung, Huawei and Xiaomi.
Google’s Project Zero warned late Thursday that it suspected the vulnerability was being exploited by the controversial Israeli-based NSO Group Technologies or one of its customers. The NSO Group has been criticized for selling zero-day exploits to “authorized go...

Actively Exploited Android Zero-Day Impacts Google, Samsung Devices
BleepingComputer • Sergiu Gatlan • 04 Oct 2019

Google's Threat Analysis Group (TAG) says that a new Android zero-day is actively being exploited in the wild in attacks targeting vulnerable Google Pixel, Huawei, Xiaomi, Samsung, Oppo, and Moto smartphones.
This zero-day is a kernel local privilege escalation (LPE) bug using a use-after-free vulnerability in the Android binder driver that can be exploited by potential attackers to get full-control of unpatched devices.
"If the exploit is delivered via the web, it only needs to be ...