CVE-2019-2000

HIGH

Android - Use-After-Free in binder.c

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-2000. PoCs published by Google Security Research.

AI-analyzed exploit summary This is a detailed writeup describing two use-after-free vulnerabilities in the Linux kernel's binder driver (CVE-2019-2000). It explains the root cause, violation of fdget/fdput rules, and provides reproduction steps for both upstream and msm kernel variants.

Description

In several functions of binder.c, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-120025789.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Google Security Research · textdosandroid
https://www.exploit-db.com/exploits/46356

This is a detailed writeup describing two use-after-free vulnerabilities in the Linux kernel's binder driver (CVE-2019-2000). It explains the root cause, violation of fdget/fdput rules, and provides reproduction steps for both upstream and msm kernel variants.

Classification
Writeup 90%
Attack Type
Dos
Complexity
Complex
Reliability
Theoretical
Target: Linux kernel (upstream and msm variants) with binder driver
No auth needed
Prerequisites: Kernel configured with Binder and KASAN · Access to /dev/binder · Multi-task environment
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/46356/
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/106851
Vendor Advisory x_refsource_confirm
https://source.android.com/security/bulletin/2019-02-01

Scores

CVSS v3 7.8
EPSS 0.0066
EPSS Percentile 46.9%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-416 CWE-787
Status published
Products (1)
google/android
Published Feb 28, 2019
Tracked Since Feb 18, 2026