{"vulnerability": "CVE-2022-20421", "sightings": [{"uuid": "ff9def05-e203-4211-b52a-8e3c2f58fdaf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-20421", "type": "published-proof-of-concept", "source": "https://t.me/proxy_bar/1563", "content": "CVE-2022-20421\nBad Spin: Android Binder Privilege Escalation Exploit\ndownload\n\n#android", "creation_timestamp": "2023-06-02T16:30:28.000000Z"}, {"uuid": "3c73274a-c6bd-48fc-b17e-30fc2b834f1f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-20421", "type": "published-proof-of-concept", "source": "Telegram/bKP-iwwMQtOOWDZQExb8JL74Stavj2rFrcGJwGzD4-08zAc", "content": "", "creation_timestamp": "2025-08-29T09:00:04.000000Z"}, {"uuid": "6970afaf-1cf2-4a71-9f41-a2ebe6a075f5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-20421", "type": "published-proof-of-concept", "source": "https://t.me/crackcodes/3527", "content": "\ud83d\udd25 Bad Spin : Android Binder LPE\n\nPrivilege escalation exploit from unstrusted_app for Android Binder vulnerability (CVE-2022-20421).\n\nRun from shell:\n\n1\ufe0f\u20e3Compile the libbadspin.so library by typing make push in the src/ directory. This will also push the library to /data/local/tmp.\n\n2\ufe0f\u20e3Run adb shell.\n\n3\ufe0f\u20e3Run LD_PRELOAD=/data/local/tmp/libbadspin.so sleep 1. This will load the library and start the exploit.\n\nRun from demo app:\n\n1\ufe0f\u20e3Compile libbadspin.so by typing make push in the src/ directory. This will copy the library to the assets directory for the demo Android app.\n\n2\ufe0f\u20e3Compile the demo Android app in the app/ directory. (You might need Android Studio to do this.)\n\n3\ufe0f\u20e3Run the app and click on the \"Exploit\" button.\n\n4\ufe0f\u20e3Consume logs using: adb logcat -s BADSPIN\n\nDownload", "creation_timestamp": "2023-05-20T06:50:36.000000Z"}, {"uuid": "ada53428-7428-4537-84d6-d8d48949def5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-20421", "type": "seen", "source": "https://t.me/cibsecurity/51213", "content": "\u203c CVE-2022-20421 \u203c\n\nIn binder_inc_ref_for_node of binder.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239630375References: Upstream kernel\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-12T00:32:27.000000Z"}, {"uuid": "c4ea3d32-d1f1-4433-8ef4-ad728780f9c0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-20421", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/3039", "content": "Tools - Hackers Factory \n\nEndpoints Explorer\n\nA Python script that employs multiple bypass rules to discover sensitive endpoints.\n\nhttps://github.com/wzqs/endpoints_explore\n\n#infosec #pentesting #bugbount\n\n\u200b\u200bCoercer\n\nA python script to automatically coerce a Windows server to authenticate on an arbitrary machine through 12 methods.\n\nhttps://github.com/p0dalirius/Coercer\n\n#infosec #pentesting #redteam\n\n\u200b\u200bdirsearch_bypass403\n\nDirectory scanning + extraction of URLs/subdomains from JS files + 403 status bypass + fingerprinting.\n\nhttps://github.com/lemonlove7/dirsearch_bypass403\n\n#infosec #pentesting #redteam\n\n\u200b\u200bDarc Viewpoint\n\nCybersecurity Assets & Threats Modeling analysis.\n\nhttps://github.com/eclipse/capella-cybersecurity\n\n#cybersecurity #infosec\n\n\u200b\u200bBug Bounty Dork\n\nThis will output all the google results for each of the tasks so you can hopefully find a vunerability. 503 error means you need a new IP as google knows your up to something! This will output the results to files and then you cna browse and see what you have found.\n\nhttps://github.com/random-robbie/bugbountydork\n\n#infosec #pentesting #bugbounty\n\n\u200b\u200bHypervisor\n\nThe most comprehensive resource for Virtualization with a focus on Cybersecurity, Learn, exploit, read, and create let's make the industry safer by sharing and learning.\n\nhttps://github.com/AtonceInventions/Hypervisor\n\n#cybersecurity #infosec #pentesting\n\n\u200b\u200bBug Bounty Reports Templates\n\nList of reporting templates I have used since I started doing BBH.\n\nhttps://github.com/pdelteil/BugBountyReportTemplates\n\n#infosec #pentesting #bugbounty\n\n\u200b\u200bCVE-2022-20421\n\nPrivilege escalation exploit from unstrusted_app for Android Binder vulnerability (CVE-2022-20421). The vulnerability is patched on Android's Security Bulletin of October 2022.\n\nhttps://github.com/0xkol/badspin\n\n#cve #infosec #exploit\n\n\u200b\u200bNetSec\n\nA tool to analyze devices connecting to the router and alert accordingly when a new device is connected. This app can display and store intruders' IP address, MAC address, and Block the device.\n\nhttps://github.com/thevickypedia/NetSec\n\n#cybersecurity #infosec\n\n\u200b\u200bAISec\n\nCybersecurity of Machine Learning and Artificial Intelligence Implementations.\n\nhttps://github.com/sdnewhop/AISec\n\n#cybersecurity #infosec\n\n\u200b\u200bProcessInjection\n\nThe program is designed to perform process injection. Currently the tool supports 5 process injection techniques.\n\nhttps://github.com/3xpl01tc0d3r/ProcessInjection\n\n#infosec #pentesting #redteam\n\n\u200b\u200bAADAppAudit\n\nThis tool was initially developed to analyze possible illicit consent grant attacks & in help of analyzing Azure AD consent grant framework but has been developed further since to provide answers to the most typical security related questions around Azure AD integrated apps and permissions.\n\nhttps://github.com/jsa2/AADAppAudit\n\n#infosec #pentesting #redteam\n\nhttps://t.me/dilagrafie\nhttps://t.me/HackerFactory", "creation_timestamp": "2023-06-25T11:12:20.000000Z"}, {"uuid": "bcc9ed8c-f90e-4edd-ad5b-6b0feb4cdd23", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-20421", "type": "published-proof-of-concept", "source": "https://t.me/androidMalware/1897", "content": "Racing Against the Lock: Exploiting Spinlock UAF in the Android Kernel \nThis paper presents an exploit for a unique Binder kernel use-after-free (UAF) vulnerability which was disclosed recently (CVE-2022-20421) \nWrite-up: https://0xkol.github.io/assets/files/Racing_Against_the_Lock__Exploiting_Spinlock_UAF_in_the_Android_Kernel.pdf \nSlides: https://0xkol.github.io/assets/files/OffensiveCon23_Racing_Against_the_Lock__Exploiting_Spinlock_UAF_in_the_Android_Kernel.pdf \nPoC: https://github.com/0xkol/badspin", "creation_timestamp": "2023-07-07T22:16:42.000000Z"}, {"uuid": "7cd41baa-7b9e-4c0d-833e-0ab50d7e2f19", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-20421", "type": "published-proof-of-concept", "source": "https://t.me/androidMalware/1957", "content": "In details slides explaining exploitation of binder kernel use-after-free (UAF) vulnerability in the Android kernel (CVE-2022-20421) to achieves full kernel R/W \nAffected devices: devices running Kernel version 5.4.x and 5.10.x\n\nSlides: https://0xkol.github.io/assets/files/OffensiveCon23_Racing_Against_the_Lock__Exploiting_Spinlock_UAF_in_the_Android_Kernel.pdf\nResearch: https://0xkol.github.io/assets/files/Racing_Against_the_Lock__Exploiting_Spinlock_UAF_in_the_Android_Kernel.pdf\nPoC: https://github.com/0xkol/badspin", "creation_timestamp": "2023-08-22T09:46:34.000000Z"}, {"uuid": "b8b7e48e-aff2-4e7d-af66-33d2b1ee3e4a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-20421", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/9069", "content": "#Offensive_security\n\"Racing Against the Lock: Exploiting Spinlock UAF in the Android Kernel\", OffensiveCon 2023 (full).\n\n]-> Bad Spin: Android Binder LPE Exploit (CVE-2022-20421):\nhttps://github.com/0xkol/badspin", "creation_timestamp": "2024-12-25T16:23:25.000000Z"}, {"uuid": "05a60498-31ee-4590-8c3b-bb270d372b4f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-20421", "type": "published-proof-of-concept", "source": "https://t.me/Rootsec_2/1100", "content": "#Offensive_security\n\"Racing Against the Lock: Exploiting Spinlock UAF in the Android Kernel\", OffensiveCon 2023 (full).\n\n]-> Bad Spin: Android Binder LPE Exploit (CVE-2022-20421):\nhttps://github.com/0xkol/badspin", "creation_timestamp": "2024-08-16T08:28:20.000000Z"}]}