Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2019-2215 PoC — Android 资源管理错误漏洞

Source
https://github.com/mutur4/CVE-2019-2215
Associated Vulnerability
Title:Android 资源管理错误漏洞 (CVE-2019-2215)
Description:Android是美国谷歌(Google)和开放手持设备联盟(简称OHA)的一套以Linux为基础的开源操作系统。 Android中的binder.c文件存在资源管理错误漏洞。攻击者可利用该漏洞提升权限。
Description
This is a bad-binder exploit affecting the android binder IPC system that was used in the wild discovered by P0
Readme
### Bad-Binder (CVE-2019-2215)
The following is the exploit for the **bad binder** *(CVE-2019-2215)* vulnz that was tested on an x86 Emulator. The aim was to abuse the UAF vulnerability to trigger an AAR primitive to leak kernel addresses and use an AAW primitive to overwrite `addr_limit` leading to a Kernel Read and Write primitive allowing us to modify the `cred_struct` for Local-Priviledge-Escalation `(LPE)`.

### Credits
- https://googleprojectzero.blogspot.com/2019/11/bad-binder-android-in-wild-exploit.html
- https://cloudfuzz.github.io/android-kernel-exploitation/chapters/exploitation.html#exploit-in-action
File Snapshot

 [4.0K]  /data/pocs/b6c768a6ef4ea6572be726b34ee707a2ce59a5d6
├── [9.9K]  exploit.c
└── [ 621]  README.md

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.