Arbitrary Code Execution and Root Privilege Escalation via vold Volume Manager Daemon on Android 3.0 and 2.x

Arbitrary Code Execution and Root Privilege Escalation via vold Volume Manager Daemon on Android 3.0 and 2.x

CVE-2011-1823 · HIGH Severity

AV:L/AC:L/AU:N/C:C/I:C/A:C

The vold volume manager daemon on Android 3.0 and 2.x before 2.3.4 trusts messages that are received from a PF_NETLINK socket, which allows local users to execute arbitrary code and gain root privileges via a negative index that bypasses a maximum-only signed integer check in the DirectVolume::handlePartitionAdded method, which triggers memory corruption, as demonstrated by Gingerbreak.

Learn more about our Cis Benchmark Audit For Google Android.