CVE-2011-1823
Android OS Privilege Escalation Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits: 3
Exploited in Wild: Yes
Decision
Descriptions
The vold volume manager daemon on Android 3.0 and 2.x before 2.3.4 trusts messages that are received from a PF_NETLINK socket, which allows local users to execute arbitrary code and gain root privileges via a negative index that bypasses a maximum-only signed integer check in the DirectVolume::handlePartitionAdded method, which triggers memory corruption, as demonstrated by Gingerbreak.
The vold volume manager daemon in the Android kernel trusts messages from a PF_NETLINK socket, which allows an attacker to execute code and gain root privileges. This vulnerability is associated with GingerBreak and Exploit.AndroidOS.Lotoor.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2011-04-20 CVE Reserved
- 2011-06-09 CVE Published
- 2022-09-08 Exploited in Wild
- 2022-09-29 KEV Due Date
- 2024-06-29 EPSS Updated
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
CWE
- CWE-190: Integer Overflow or Wraparound
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
---|---|---|---|---
Google | Android | >= 2.0 < 2.3.4 | - | Affected
Google | Android | 3.0 | - | Affected