CVE-2019-1999

HIGH

Android - Use-After-Free in Binder Allocator

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-1999. PoCs published by Google Security Research.

AI-analyzed exploit summary This exploit demonstrates a race condition in the Linux kernel's binder driver (CVE-2019-1999), where a use-after-free vulnerability occurs between the direct reclaim path and munmap() syscall. The PoC triggers a KASAN use-after-free error in zap_page_range by exploiting the unprotected read of the vma pointer.

Description

In binder_alloc_free_page of binder_alloc.c, there is a possible double free due to improper locking. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-120025196.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Google Security Research · textdosandroid

https://www.exploit-db.com/exploits/46357

View Code ZIP pw:eip

This exploit demonstrates a race condition in the Linux kernel's binder driver (CVE-2019-1999), where a use-after-free vulnerability occurs between the direct reclaim path and munmap() syscall. The PoC triggers a KASAN use-after-free error in zap_page_range by exploiting the unprotected read of the vma pointer.

Classification

Working Poc 100%

Attack Type

Dos

Complexity

Moderate

Reliability

Racy

Target: Linux kernel (upstream master, specifically binder driver)

Auth required

Prerequisites: Kernel with KASAN enabled · Root access to run the PoC · Linux kernel with binder driver

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6

Core References

Broken Link vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/106851

Vendor Advisory x_refsource_confirm

https://source.android.com/security/bulletin/2019-02-01

Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/46357/

Third Party Advisory vendor-advisory x_refsource_ubuntu

https://usn.ubuntu.com/3979-1/

Third Party Advisory vendor-advisory x_refsource_debian

https://www.debian.org/security/2019/dsa-4495

Mailing List, Third Party Advisory mailing-list x_refsource_bugtraq

https://seclists.org/bugtraq/2019/Aug/13

Scores

CVSS v3 7.8

EPSS 0.0079

EPSS Percentile 51.4%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-415

Status published

Products (4)

canonical/ubuntu_linux 19.04

debian/debian_linux 9.0

debian/debian_linux 10.0

google/android

Published Feb 28, 2019

Tracked Since Feb 18, 2026