Bad-Binder (CVE-2019-2215)

The following is the exploit for the bad binder (CVE-2019-2215) vulnz that was tested on an x86 Emulator. The aim was to abuse the UAF vulnerability to trigger an AAR primitive to leak kernel addresses and use an AAW primitive to overwrite addr_limit leading to a Kernel Read and Write primitive allowing us to modify the cred_struct for Local-Priviledge-Escalation (LPE).

Credits

• https://googleprojectzero.blogspot.com/2019/11/bad-binder-android-in-wild-exploit.html
• https://cloudfuzz.github.io/android-kernel-exploitation/chapters/exploitation.html#exploit-in-action