QID 610551
Date Published: 2024-03-18
QID 610551: Google Android 2.x and 3.x Numeric Errors Vulnerability
The vold volume manager daemon on Android 3.0 and 2.x before 2.3.4 trusts messages that are received from a PF_NETLINK socket, which allows local users to execute arbitrary code and gain root privileges via a negative index that bypasses a maximum-only signed integer check in the DirectVolume::handlePartitionAdded method, which triggers memory corruption, as demonstrated by Gingerbreak.
On successful exploitation, it could allow an attacker to execute code.
Solution
Refer to Google Pixel advisory CVE-2011-1823 to address this issue and obtain more information.
Vendor References
- CVE-2011-1823 -
nvd.nist.gov/vuln/detail/CVE-2011-1823
CVEs related to QID 610551
Software Advisories
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| CVE-2011-1823 | Android |
|