CVE-2019-2215

CVE Database · CVE-2019-2215

CVE-2019-2215

· HIGHAnalyzed

CVSS v3.1

7.8

EPSS

72.10%

Published

Oct 11, 2019

Modified

Oct 24, 2025

CISA Known Exploited Vulnerability

Added: 2021-11-03 · Due: 2022-05-03

Apply updates per vendor instructions.

Public PoC / Exploit (11)

All weaponized →

Exploit-DBAndroid - Binder Driver Use-After-Free Exploit-DBAndroid Binder - Use-After-Free (Metasploit)TrickestTrickest PoC index GitHub PoCkangtastic/cve-2019-2215★134 GitHub PoCtimwr/CVE-2019-2215★77 GitHub PoCsharif-dev/AndroidKernelVulnerability★70 GitHub PoC0xbinder/android-kernel-exploitation-lab★44 GitHub PoCDimitriFourny/cve-2019-2215★40 GitHub PoCLIznzn/CVE-2019-2215★26 GitHub PoCstevejubx/CVE-2019-2215★16 GitHub PoCc3r34lk1ll3r/CVE-2019-2215★14

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interaction is required to exploit this vulnerability, however exploitation does require either the installation of a malicious local application or a separate vulnerability in a network facing application.Product: AndroidAndroid ID: A-141720095

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-416CWE-416

Affected Products (159)

google · androidvulnerable

debian · debian_linuxvulnerable

canonical · ubuntu_linuxvulnerable

netapp · cloud_backupvulnerable

netapp · data_availability_servicesvulnerable

netapp · hci_management_nodevulnerable

netapp · service_processorvulnerable