vold asec

CVE numbers:
Coordinated disclosure?: true
Categories: system
Details: Insufficient paramter checking for asec container creation allows an asec container to be mounted over part of the filesystem using directory traversal if the app has the ASEC_* permissions such as ASEC_CREATE [cassidian-vold-asec] There is an adb tethered root explot for motorola phones [xda-developers-pie-exploit]
Discovered by: Justin Case (jcase) [android-paper] on: Unknown
Reported on: 2014-06-03 [cassidian-vold-asec]
Fixed on: 2014-01-27 [vold-asec-patch]
Fix released on: 2014-06-02 [android-4.4.3_r1]
Affected versions: 2.2.1_r1-4.4.2 [vold-asec-implementation][cassidian-vold-asec] regex: (2.((2.[1-9])|([3-9].[0-9])))|(3.[0-9].[0-9])|(4.(([0-3].[0-9])|(4.[0-2])))
Affected devices: Motorola devices [xda-developers-pie-exploit], Proper SEAndroid policies do block this, Nexus 5, Samsung S4/5/Note3, LG Flex, Sony Z2 devices etc should have this mitigated. Nexus 4 if it hasn't been updated to 4.4.3 nor reset since OTA to 4.4 [plus-jcase-pie]
Affected manufacturers: all [vold-asec-implementation]
Fixed versions: 4.4.3 [cassidian-vold-asec]
Submission: by: Daniel R. Thomas, on: 2014-07-16; by: Laurent Simon, on: 2014-06-04; by: Laurent Simon, on: 2015-10-09; by: Daniel Carter, on: 2019-07-08

AndroidVulnerabilities.org