CVE-2011-1823

Android OS Privilege Escalation Vulnerability

Severity Score

7.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

Yes

*KEV

Decision

*SSVC

Descriptions

The vold volume manager daemon on Android 3.0 and 2.x before 2.3.4 trusts messages that are received from a PF_NETLINK socket, which allows local users to execute arbitrary code and gain root privileges via a negative index that bypasses a maximum-only signed integer check in the DirectVolume::handlePartitionAdded method, which triggers memory corruption, as demonstrated by Gingerbreak.

El demonio de vold volume manager en Android versión 3.0 y versiones 2.x anterior a 2.3.4, confía en los mensajes que son recibidos desde un socket PF_NETLINK, que permite a los usuarios locales ejecutar código arbitrario y alcanzar privilegios de root por medio de un índice negativo que omite la comprobación de un entero firmado maximum-only en el método DirectVolume::handlePartitionAdded, que activa una corrupción de memoria, como es demostrado por Gingerbreak.

The vold volume manager daemon in Android kernel trusts messages from a PF_NETLINK socket, which allows an attacker to execute code and gain root privileges. This vulnerability is associated with GingerBreak and Exploit.AndroidOS.Lotoor.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2011-04-20 CVE Reserved
2011-06-09 CVE Published
2022-09-08 Exploited in Wild
2022-09-29 KEV Due Date
2024-06-29 EPSS Updated
2024-08-06 CVE Updated
2024-08-06 First Exploit

CWE

CWE-190: Integer Overflow or Wraparound

CAPEC

References (9)

URL	Tag	Source
http://android.git.kernel.org/?p=platform/system/core.git%3Ba=commit%3Bh=b620a0b1c7ae486e979826200e8e441605b0a5d6	Broken Link
http://android.git.kernel.org/?p=platform/system/netd.git%3Ba=commit%3Bh=79b579c92afc08ab12c0a5788d61f2dd2934836f	Broken Link
http://android.git.kernel.org/?p=platform/system/vold.git%3Ba=commit%3Bh=c51920c82463b240e2be0430849837d6fdc5352e	Broken Link
http://androidcommunity.com/gingerbreak-root-for-gingerbread-app-20110421	Broken Link
http://www.androidpolice.com/2011/05/03/google-patches-gingerbreak-exploit-but-dont-worry-we-still-have-root-for-now	Media Coverage
https://exchange.xforce.ibmcloud.com/vulnerabilities/67977	Third Party Advisory

URL	Date	SRC
http://c-skills.blogspot.com/2011/04/yummy-yummy-gingerbreak.html	2024-08-06
http://forum.xda-developers.com/showthread.php?t=1044765	2024-08-06
http://xorl.wordpress.com/2011/04/28/android-vold-mpartminors-signedness-issue	2024-08-06

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Google Search vendor "Google"		Android Search vendor "Google" for product "Android"				>= 2.0 < 2.3.4 Search vendor "Google" for product "Android" and version " >= 2.0 < 2.3.4"		-		Affected
Google Search vendor "Google"		Android Search vendor "Google" for product "Android"				3.0 Search vendor "Google" for product "Android" and version "3.0"		-		Affected