Attacker Value
Moderate
(3 users assessed)
Exploitability
Low
(3 users assessed)
User Interaction
None
Privileges Required
Low
Attack Vector
Local
1

CVE-2019-2215

Disclosure Date: October 11, 2019
CVE-2019-2215 CVSS v3 Base Score: 7.8
Exploited in the Wild
Reported by gwillcox-r7
View Source Details
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interaction is required to exploit this vulnerability, however exploitation does require either the installation of a malicious local application or a separate vulnerability in a network facing application.Product: AndroidAndroid ID: A-141720095

Add Assessment

2
Ratings
  • Attacker Value
    Medium
  • Exploitability
    Very Low
Technical Analysis

There is a working proof of concept available for some devices.

Log in to Add Reply
1
Ratings
  • Attacker Value
    Low
  • Exploitability
    Low
Gives privileged accessVulnerable in default configurationDifficult to weaponizeRequires physical accessRequires user interaction
Technical Analysis

As a privilege escalation does still need an initial vector onto the phone, so requires either another exploit or additional tradecraft. This is unlikely to work in conjunction with a Chrome exploit today because many phones run a 64-bit kernel + 32-bit Chrome, perhaps for this very reason!.

After testing the Metasploit module it took a considerable amount of specific targeting effort to get just the right model, and because the phone has a feature/bug that made it difficult to downgrade firmware (and the phone likes to upgrade on its own very easily), targeting this after disclosure may be very difficult.

However, if you can find this bug or a similar one on a common phone that is past applying security updates, it could be useful for privesc from a malicious app. But I think the issue that plagues a lot of Android binary exploitation vulns is the lack of generality and there being lower-hanging fruit.

Log in to Add Reply
1
Technical Analysis

Reported as exploited in the wild as part of Google’s 2020 0day vulnerability spreadsheet they made available at https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/edit#gid=1869060786. Original tweet announcing this spreadsheet with the 2020 findings can be found at https://twitter.com/maddiestone/status/1329837665378725888

Log in to Add Reply
CVSS V3 Severity and Metrics
Base Score:
7.8 High
Impact Score:
5.9
Exploitability Score:
1.8
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector (AV):
Local
Attack Complexity (AC):
Low
Privileges Required (PR):
Low
User Interaction (UI):
None
Scope (S):
Unchanged
Confidentiality (C):
High
Integrity (I):
High
Availability (A):
High

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
Android Kernel
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
exploit/android/local/binder_uaf
Reporter
Unknown

Vendors

  • google

Products

  • android -

Exploited in the Wild

Reported by:
Technical Analysis