CVE-2011-1823 — HIGH (7.8) — White Hats Nepal

Q: How severe is CVE-2011-1823?

CVE-2011-1823 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2011-1823?

Check the references section above for vendor advisories and patch information. Affected products include: Google Android.

Vulnerability Description

The vold volume manager daemon on Android 3.0 and 2.x before 2.3.4 trusts messages that are received from a PF_NETLINK socket, which allows local users to execute arbitrary code and gain root privileges via a negative index that bypasses a maximum-only signed integer check in the DirectVolume::handlePartitionAdded method, which triggers memory corruption, as demonstrated by Gingerbreak.

CVSS Score

7.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Google	Android	>= 2.0, < 2.3.4

Related Weaknesses (CWE)

CWE-190

References

http://android.git.kernel.org/?p=platform/system/core.git%3Ba=commit%3Bh=b620a0bBroken Link
http://android.git.kernel.org/?p=platform/system/netd.git%3Ba=commit%3Bh=79b579cBroken Link
http://android.git.kernel.org/?p=platform/system/vold.git%3Ba=commit%3Bh=c51920cBroken Link
http://androidcommunity.com/gingerbreak-root-for-gingerbread-app-20110421/Broken Link
http://c-skills.blogspot.com/2011/04/yummy-yummy-gingerbreak.htmlExploitIssue Tracking
http://forum.xda-developers.com/showthread.php?t=1044765ExploitIssue Tracking
http://www.androidpolice.com/2011/05/03/google-patches-gingerbreak-exploit-but-dPress/Media Coverage
http://xorl.wordpress.com/2011/04/28/android-vold-mpartminors-signedness-issue/Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/67977Third Party AdvisoryVDB Entry
http://android.git.kernel.org/?p=platform/system/core.git%3Ba=commit%3Bh=b620a0bBroken Link
http://android.git.kernel.org/?p=platform/system/netd.git%3Ba=commit%3Bh=79b579cBroken Link
http://android.git.kernel.org/?p=platform/system/vold.git%3Ba=commit%3Bh=c51920cBroken Link
http://androidcommunity.com/gingerbreak-root-for-gingerbread-app-20110421/Broken Link
http://c-skills.blogspot.com/2011/04/yummy-yummy-gingerbreak.htmlExploitIssue Tracking
http://forum.xda-developers.com/showthread.php?t=1044765ExploitIssue Tracking

FAQ

What is CVE-2011-1823?

CVE-2011-1823 is a vulnerability with a CVSS score of 7.8 (HIGH). The vold volume manager daemon on Android 3.0 and 2.x before 2.3.4 trusts messages that are received from a PF_NETLINK socket, which allows local users to execute arbitrary code and gain root privileg...

How severe is CVE-2011-1823?

CVE-2011-1823 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2011-1823?

Check the references section above for vendor advisories and patch information. Affected products include: Google Android.