DEBIAN-CVE-2019-2215

DEBIAN-CVE-2019-2215 PUBLISHED CVSS 7.800000190734863 HIGH

A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interaction is required to exploit this vulnerability, however exploitation does require either the installation of a malicious local application or a separate vulnerability in a network facing application.Product: AndroidAndroid ID: A-141720095

Risk Scores

CVSS 3.1

7.800000190734863

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products

Vendor	Product	Versions
Debian:11	linux	0, 0, 0
Debian:14	linux	0, 0, 0
Debian:12	linux	0, 0, 0
Debian:13	linux	0, 0, 0

Exploit Intelligence

mythicaltree/CVE-2019-2215 (github-poc-repo)
mythicaltree/CVE-2019-2215 (github-poc)
android-kernel-exploitation-ashfaq-CVE-2019-2215 docker setup for mac users (github-poc-repo)
PoC for old Binder vulnerability (based on P0 exploit) (github-poc-repo)
Temproot for Pixel 2 and Pixel 2 XL via CVE-2019-2215 (github-poc-repo)
CVE-2019-2215 (github-poc-repo)
Android Ransomware Development - AES256 encryption + CVE-2019-2215 (reverse root shell) + Data Exfiltration (github-poc-repo)
Android Ransomware Development - AES256 encryption + CVE-2019-2215 (reverse root shell) + Data Exfiltration (github-poc-repo)
for kernel 3.18.x (github-poc-repo)
Triggering and Analyzing Android Kernel Vulnerability CVE-2019-2215 (github-poc-repo)

…and 39 more exploits

Timeline

Oct 11, 2019 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2019-2215 advisory

Open in Interactive Console →