CVE-2019-2215 PoC — Android 资源管理错误漏洞

Source

https://github.com/mufidmb38/CVE-2019-2215

Associated Vulnerability

Title:Android 资源管理错误漏洞 (CVE-2019-2215)
Description:Android是美国谷歌（Google）和开放手持设备联盟（简称OHA）的一套以Linux为基础的开源操作系统。 Android中的binder.c文件存在资源管理错误漏洞。攻击者可利用该漏洞提升权限。

Description

CVE-2019-2215

Readme

# CVE-2019-2215
CVE-2019-2215 POC for kernel 3.18

Based on Maddie Stone's POC from https://bugs.chromium.org/p/project-zero/issues/detail?id=1942

How to use:
- adb push su98 /data/local/tmp
- adb push su98-memory-kallsyms /data/local/tmp
- adb shell
- G8231:/ $ cd /data/local/tmp
- G8231:/ $ chmod 755 *
- G8231:/data/local/tmp $ ./su98-memory-kallsyms
- G8231:/data/local/tmp $ ./su98 -c "COMMAND"

Tested on:
- Xperia XZs G8231 - 8.0 - 41.3.A.2.247 - 3.18.66 Kernel

File Snapshot


 [4.0K]  /data/pocs/7f97db47c17b07012765098819c6a2292edb6cae
├── [ 18K]  LICENSE
├── [ 444]  Makefile
├── [ 471]  README.md
├── [ 33K]  su98
├── [ 44K]  su98.c
├── [ 27K]  su98-memory-kallsyms
└── [ 36K]  su98-memory-kallsyms.c

0 directories, 7 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!