module
Android Binder Use-After-Free Exploit
Disclosed |
---|
2019-09-26 |
Description
This module exploits CVE-2019-2215, which is a use-after-free in Binder in the
Android kernel. The bug is a local privilege escalation vulnerability that
allows for a full compromise of a vulnerable device. If chained with a browser
renderer exploit, this bug could fully compromise a device through a malicious
website.
The freed memory is replaced with an iovec structure in order to leak a pointer
to the task_struct. Finally, the bug is triggered again in order to overwrite
the addr_limit, making all memory (including kernel memory) accessible as part
of the user-space memory range in our process and allowing arbitrary reading
and writing of kernel memory.
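
The following is an added example, not code from the module or from the Android kernel: a simplified user-space model of why the per-task addr_limit matters, and of the invariant a defender can enforce when a task returns to user space. The constants, struct, function names and sample addresses are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model, not kernel source. Both limits are illustrative values. */
#define MODEL_USER_DS   ((uint64_t)1 << 39) /* assumed top of the user address range */
#define MODEL_KERNEL_DS UINT64_MAX          /* "no limit": every address passes */

struct model_task {
    uint64_t addr_limit; /* upper bound applied to pointers passed in from user space */
};

/* Range check performed before a user-supplied pointer is dereferenced:
 * [addr, addr + size) must end at or below addr_limit, with no wraparound. */
bool model_access_ok(const struct model_task *t, uint64_t addr, uint64_t size)
{
    if (size > t->addr_limit)
        return false;
    return addr <= t->addr_limit - size;
}

/* Defensive invariant: a task going back to user space must carry the
 * user limit. A kernel enforcing this can stop a task whose limit was raised. */
bool model_exit_check_passes(const struct model_task *t)
{
    return t->addr_limit == MODEL_USER_DS;
}

int main(void)
{
    const uint64_t user_ptr = 0x7f00001000ULL;          /* constructed sample */
    const uint64_t kernel_ptr = 0xffffffc000080000ULL;  /* constructed sample */
    struct model_task t = { MODEL_USER_DS };

    printf("intact limit:    user=%d kernel=%d exit_check=%d\n",
           model_access_ok(&t, user_ptr, 4096),
           model_access_ok(&t, kernel_ptr, 4096),
           model_exit_check_passes(&t));

    t.addr_limit = MODEL_KERNEL_DS; /* the corrupted state the description refers to */
    printf("corrupted limit: user=%d kernel=%d exit_check=%d\n",
           model_access_ok(&t, user_ptr, 4096),
           model_access_ok(&t, kernel_ptr, 4096),
           model_exit_check_passes(&t));
    return 0;
}
```

With the limit intact, the kernel-range pointer is rejected; once the limit is corrupted, the same range check accepts it, and only the exit-time invariant flags the task.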
