Vulnerabilities > CVE-2011-1823 - Numeric Errors vulnerability in Google Android
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
The vold volume manager daemon on Android 3.0 and 2.x before 2.3.4 trusts messages that are received from a PF_NETLINK socket, which allows local users to execute arbitrary code and gain root privileges via a negative index that bypasses a maximum-only signed integer check in the DirectVolume::handlePartitionAdded method, which triggers memory corruption, as demonstrated by Gingerbreak.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 11 |
Common Weakness Enumeration (CWE)
References
- http://androidcommunity.com/gingerbreak-root-for-gingerbread-app-20110421/
- http://forum.xda-developers.com/showthread.php?t=1044765
- http://xorl.wordpress.com/2011/04/28/android-vold-mpartminors-signedness-issue/
- http://c-skills.blogspot.com/2011/04/yummy-yummy-gingerbreak.html
- http://www.androidpolice.com/2011/05/03/google-patches-gingerbreak-exploit-but-dont-worry-we-still-have-root-for-now/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/67977
- http://android.git.kernel.org/?p=platform/system/netd.git%3Ba=commit%3Bh=79b579c92afc08ab12c0a5788d61f2dd2934836f
- http://android.git.kernel.org/?p=platform/system/core.git%3Ba=commit%3Bh=b620a0b1c7ae486e979826200e8e441605b0a5d6
- http://android.git.kernel.org/?p=platform/system/vold.git%3Ba=commit%3Bh=c51920c82463b240e2be0430849837d6fdc5352e