module
Android Binder Use-After-Free Exploit
| Disclosed |
|---|
| Sep 26, 2019 |
Disclosed
Sep 26, 2019
Description
This module exploits CVE-2019-2215, which is a use-after-free in Binder in the
Android kernel. The bug is a local privilege escalation vulnerability that
allows for a full compromise of a vulnerable device. If chained with a browser
renderer exploit, this bug could fully compromise a device through a malicious
website.
The freed memory is replaced with an iovec structure in order to leak a pointer
to the task_struct. Finally the bug is triggered again in order to overwrite
the addr_limit, making all memory (including kernel memory) accessible as part
of the user-space memory range in our process and allowing arbitrary reading
and writing of kernel memory.
Android kernel. The bug is a local privilege escalation vulnerability that
allows for a full compromise of a vulnerable device. If chained with a browser
renderer exploit, this bug could fully compromise a device through a malicious
website.
The freed memory is replaced with an iovec structure in order to leak a pointer
to the task_struct. Finally the bug is triggered again in order to overwrite
the addr_limit, making all memory (including kernel memory) accessible as part
of the user-space memory range in our process and allowing arbitrary reading
and writing of kernel memory.
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.