Back to KEVs

CVE-2011-1823

The vold volume manager daemon on Android 3.0 and 2.x before 2.3.4 trusts messages that are received from a PF_NETLINK socket, which allows local...

Basic Information

CVE State
PUBLISHED
Reserved Date
April 20, 2011
Published Date
June 09, 2011
Last Updated
February 07, 2025
Vendor
Google
Product
Android
Description
The vold volume manager daemon on Android 3.0 and 2.x before 2.3.4 trusts messages that are received from a PF_NETLINK socket, which allows local users to execute arbitrary code and gain root privileges via a negative index that bypasses a maximum-only signed integer check in the DirectVolume::handlePartitionAdded method, which triggers memory corruption, as demonstrated by Gingerbreak.
Tags
android cisa

CVSS Scores

CVSS v3.1

7.8 - HIGH

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2.0

7.2

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

SSVC Information

Exploitation
active
Technical Impact
total

Exploit Status

Exploited in the Wild
Yes (2022-09-08 00:00:00 UTC) Source

References

http://android.git.kernel.org/?p=platform/system/netd.git%3Ba=commit%3Bh=79b579c92afc08ab12c0a5788d61f2dd2934836f http://android.git.kernel.org/?p=platform/system/core.git%3Ba=commit%3Bh=b620a0b1c7ae486e979826200e8e441605b0a5d6 http://c-skills.blogspot.com/2011/04/yummy-yummy-gingerbreak.html http://androidcommunity.com/gingerbreak-root-for-gingerbread-app-20110421/ http://android.git.kernel.org/?p=platform/system/vold.git%3Ba=commit%3Bh=c51920c82463b240e2be0430849837d6fdc5352e http://xorl.wordpress.com/2011/04/28/android-vold-mpartminors-signedness-issue/ https://exchange.xforce.ibmcloud.com/vulnerabilities/67977 http://www.androidpolice.com/2011/05/03/google-patches-gingerbreak-exploit-but-dont-worry-we-still-have-root-for-now/ http://forum.xda-developers.com/showthread.php?t=1044765

Known Exploited Vulnerability Information

Source Added Date
CISA 2022-09-08 00:00:00 UTC

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Added to KEVIntel