CVE-2019-2215

ENISA EUVD: EUVD-2019-11857 ↗

Exploited in the Wild ✓ Confirmed 0-Day ★ Google Project Zero

Triaged: March 5, 2026 2 articles Published: 2019-10-11

VulnLookup ↗ NVD ↗ EUVD ↗ MITRE ↗ Advisory ↗ P0 Sheet ↗ CISA KEV ↗

EPSS Score

Source: FIRST.org · 2026-05-23

54.47%

probability

This CVE has a 54.47% probability of being exploited in the next 30 days.

0% Top 98.1th percentile of all CVEs 100%

CVSS v3.1

Source: VulnerabilityLookup (CIRCL)

7.8

HIGH

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2 (legacy)

4.6

MEDIUM

Access Vector

Local

Access Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

AV:L/AC:L/Au:N/C:P/I:P/A:P

Description

VulnerabilityLookup (CNA)

A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interaction is required to exploit this vulnerability, however exploitation does require either the installation of a malicious local application or a separate vulnerability in a network facing application.Product: AndroidAndroid ID: A-141720095

Affected Products

n/a

Android

Kernel

google

android

debian

debian linux

canonical

ubuntu linux

netapp

cloud backup

netapp

data availability services

n/a

Android

Kernel

Attack Intelligence

CWE-118 · Incorrect Access of Indexable Resource ('Range Error') CWE-119 · Buffer Overflow CWE-416 · Use After Free CWE-664 · Improper Control of a Resource Through its Lifetime CWE-666 · Operation on Resource in Wrong Phase of Lifetime CWE-672 · Operation on a Resource after Expiration or Release CWE-825 · Expired Pointer Dereference

Google Project Zero

Discovered

Sept. 26, 2019

Patched

Oct. 6, 2019

Reported by

Maddie Stone of Google Project Zero

Root Cause Analysis

https://googleprojectzero.github.io/0days-in-the-wild//0day-RCAs/2019/CVE-2019-2215.html

Exploits & PoC

kangtastic/cve-2019-2215

Temproot for Pixel 2 and Pixel 2 XL via CVE-2019-2215

133 2019-10-15

timwr/CVE-2019-2215

77 2019-11-12

sharif-dev/AndroidKernelVulnerability

Triggering and Analyzing Android Kernel Vulnerability CVE-2019-2215

69 2022-09-04

0xbinder/android-kernel-exploitation-lab

This lab guides you through setting up an environment to explore CVE-2019-2215, a critical Android kernel vulnerability in the binder subsystem.

43 2025-04-24

DimitriFourny/cve-2019-2215

Android privilege escalation via an use-after-free in binder.c

40 2020-04-14

LIznzn/CVE-2019-2215

Temproot for Bravia TV via CVE-2019-2215.

26 2020-02-20

stevejubx/CVE-2019-2215

Android Kernel Vulnerability (CVE-2019-2215) temporary root PoC

15 2023-12-21

c3r34lk1ll3r/CVE-2019-2215

PoC for old Binder vulnerability (based on P0 exploit)

14 2020-10-27

R0rt1z2/huawei-unlock

Unlock your Huawei device with ADB (CVE-2019-2215)

11 2024-05-20

qre0ct/android-kernel-exploitation-ashfaq-CVE-2019-2215

android-kernel-exploitation-ashfaq-CVE-2019-2215 docker setup for mac users

6 2020-04-25

willboka/CVE-2019-2215-HuaweiP20Lite

Exploit for CVE-2019-2215 (bad binder) for Huawei P20 Lite

5 2024-02-06

mutur4/CVE-2019-2215

This is a critical UAF vulnerability exploit that affected the android binder IPC system used in the wild and discovered by P0

5 2024-04-22

llccd/TempRoot-Huawei

CVE-2019-2215 poc for Huawei hardened kernel

4 2025-02-04

ATorNinja/CVE-2019-2215

CVE 2019-2215 Android Binder Use After Free

3 2019-10-16

Byte-Master-101/CVE-2019-2215

Temproot for Pixel 2 and Pixel 2 XL via CVE-2019-2215

3 2021-02-05

mufidmb38/CVE-2019-2215

CVE-2019-2215

3 2021-06-30

Enceka/cve-2019-2215-3.18

for kernel 3.18.x

3 2022-04-28

CrackerCat/Rootsmart-v2.0

Android Ransomware Development - AES256 encryption + CVE-2019-2215 (reverse root shell) + Data Exfiltration

2 2022-03-19

elbiazo/CVE-2019-2215

Exploit for Bad Binder

2 2023-05-30

mouseos/cve-2019-2215_SH-M08

2 2025-04-20

i-redbyte/android-badbinder-demo

demo CVE-2019-2215 (Bad Binder) for Android Q

2 2025-11-07

wired0ut/CVE-2019-2215

Full exploit for the Android vulnerability Bad Binder found in early Google Pixel phones.

2 2026-04-22

nicchongwb/Rootsmart-v2.0

Android Ransomware Development - AES256 encryption + CVE-2019-2215 (reverse root shell) + Data Exfiltration

1 2022-03-19

codecat007/CVE-2019-2215

0 2019-10-09

raymontag/CVE-2019-2215

0 2024-07-02

XiaozaYa/CVE-2019-2215

Andriod binder bug record

0 2024-11-18

26 repos — triés par ⭐ Rechercher sur GitHub ↗

https://source.android.com/security/bulletin/2019-10-01

x_refsource_CONFIRM

http://seclists.org/fulldisclosure/2019/Oct/38

mailing-list x_refsource_FULLDISC

http://packetstormsecurity.com/files/154911/Android-Binder-Use-After-Free.html

x_refsource_MISC

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191030-01-binder-en

x_refsource_CONFIRM

https://security.netapp.com/advisory/ntap-20191031-0005/

x_refsource_CONFIRM

https://seclists.org/bugtraq/2019/Nov/11

mailing-list x_refsource_BUGTRAQ

Signal Intelligence

Confidenceⓘ

95%

EPSS 54.47%

CVSS v3.1 7.8

Mentions 2

Last Seen Oct 04, 2019

CNA Information

CNA Assigner

google_android

Analyst Note

Auto-imported from Google Project Zero — confirmed zero-day by definition.

Threat Actors 4

SideCopy

apt_group Information theft and espionage 🇵🇰 PK

SideWinder

apt_group 🇮🇳 IN

VICEROY TIGER

apt_group Information theft and espionage 🇮🇳 IN

RAZOR TIGER

apt_group Information theft and espionage 🇮🇳 IN

Triage Info

Decided atMar 05, 2026

Published DateOct 11, 2019