CVE-2019-2215 PoC — Android 资源管理错误漏洞

Source

https://github.com/XiaozaYa/CVE-2019-2215

Associated Vulnerability

Title:Android 资源管理错误漏洞 (CVE-2019-2215)
Description:Android是美国谷歌（Google）和开放手持设备联盟（简称OHA）的一套以Linux为基础的开源操作系统。 Android中的binder.c文件存在资源管理错误漏洞。攻击者可利用该漏洞提升权限。

Description

Andriod binder bug record

Readme

# CVE-2019-2215
Andriod binder bug record.Just only test on emulator (:
- `ubuntu 22.04 | 4G | 4 cpus`  
- `andriod studio [Pixel2 | Andriod 10.0(Q)--Google Play Intel x86 Atom 64 System Image | API-29]`  
- `ndk 21.0.6113669`  
- `origin/android-goldfish-4.14-dev | [kernel version is 4.14.175]`

# some important config options
```
CONFIG_SLAB_FREELIST_RANDOM is not set  
CONFIG_SLAB_FREELIST_HARDENED is not set  
CONFIG_SLUB_DEBUG=y  
CONFIG_SLUB=y  
CONFIG_SLUB_CPU_PARTIAL=y
```
# Reference
https://cloudfuzz.github.io/android-kernel-exploitation/

File Snapshot


 [4.0K]  /data/pocs/d562c6e0ea5827c9e1528e8ecdbaf7916a0fdd7c
├── [105K]  config
├── [1.9K]  cve-2019-2215.patch
├── [7.2K]  exploit.c
├── [  90]  install.sh
├── [ 555]  README.md
└── [ 60K]  root.png

0 directories, 6 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!