CVE-2019-2023

HIGH

Android 8.0-9 - Insecure Permission Assignment in ServiceManager::add

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-2023. PoCs published by Google Security Research.

AI-analyzed exploit summary This PoC demonstrates a race condition in Android's hardware service manager (hwservicemanager) due to unsafe use of getpidcon(), allowing an attacker to register a malicious service instance. The exploit leverages PID reuse to bypass SELinux context checks.

Description

In ServiceManager::add function in the hardware service manager, there is an insecure permissions check based on the PID of the caller. This could allow an app to add or replace a HAL service with its own service, gaining code execution in a privileged process.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9Android ID: A-121035042Upstream kernel

Exploits (1)

exploitdb WORKING POC VERIFIED
by Google Security Research · textdosandroid
https://www.exploit-db.com/exploits/46504

This PoC demonstrates a race condition in Android's hardware service manager (hwservicemanager) due to unsafe use of getpidcon(), allowing an attacker to register a malicious service instance. The exploit leverages PID reuse to bypass SELinux context checks.

Classification
Working Poc 90%
Attack Type
Lpe
Complexity
Complex
Reliability
Racy
Target: Android (tested on Pixel 2 with build PQ1A.181205.002)
No auth needed
Prerequisites: Physical or local access to an affected Android device · Device running a vulnerable build (e.g., Pixel 2 with 2018-12-05 patch level)
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1
Core References

Scores

CVSS v3 7.8
EPSS 0.0049
EPSS Percentile 38.2%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-732
Status published
Products (3)
google/android 8.0
google/android 8.1
google/android 9.0
Published Jun 19, 2019
Tracked Since Feb 18, 2026