Published: 11/10/2019 Updated: 18/10/2019
CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Google Android could allow a local authenticated malicious user to gain elevated privileges on the system, caused by a use-after-free in the binder driver at /drivers/android/binder.c. By executing a specially-crafted application, an attacker could exploit this vulnerability to gain elevated privileges.

The following issue exists in the android-msm-wahoo-4.4-pie branch of android.googlesource.com/kernel/msm (and possibly others): There is a use-after-free of the wait member in the binder_thread struct in the binder driver at /drivers/android/binder.c. As described in the upstream commit: “binder_poll() passes the thread->wait wait ...

Mailing Lists

These are notes on further exploitation of the Android Binder use-after-free vulnerability as noted in CVE-2019-2215 and leveraged against Kernel 3.4.x and 3.18.x on Samsung Devices using Samsung Android and LineageOS ...
Hi list, Some of my notes on exploitation of CVE 2019-2215 Android Binder Use After Free on Kernel 3.4.x and 3.18.x on Samsung Devices using Samsung Android and LineageOS: github.com/marcinguy/CVE-2019-2215/. Feel free to update/post if you have managed to get it working on different devices/kernels. Thanks, ____________________________ ...

Recent Articles

Google October Android Security Update Fixes Critical RCE Flaws
Threatpost • Lindsey O'Donnell • 08 Oct 2019

Google has released fixes for three critical-severity vulnerabilities in the Media framework of its Android operating system, which if exploited could allow a remote attacker to execute code.
The remote code execution (RCE) flaws are part of Google’s October 2019 Android Security Bulletin, which deployed fixes for high and critical-severity vulnerabilities tied to nine CVEs overall. Qualcomm, whose chips are used in Android devices, also patched 18 high and critical-severity...

Google Warns of Android Zero-Day Bug Under Active Attack
Threatpost • Tom Spring • 04 Oct 2019

Google is warning of an Android zero-day flaw actively being exploited in the wild, which gives an attacker full control over 18 phone models including its flagship Pixel handset and devices made by Samsung, Huawei and Xiaomi.
Google’s Project Zero warned late Thursday that it suspected the vulnerability was being exploited by the controversial Israeli-based NSO Group Technologies or one of its customers. The NSO Group has been criticized for selling zero-day exploits to “authorized go...

Actively Exploited Android Zero-Day Impacts Google, Samsung Devices
BleepingComputer • Sergiu Gatlan • 04 Oct 2019

Google's Threat Analysis Group (TAG) says that a new Android zero-day is actively being exploited in the wild in attacks targeting vulnerable Google Pixel, Huawei, Xiaomi, Samsung, Oppo, and Moto smartphones.
This zero-day is a kernel local privilege escalation (LPE) bug using a use-after-free vulnerability in the Android binder driver that can be exploited by potential attackers to get full control of unpatched devices.
"If the exploit is delivered via the web, it only needs to be ...