AndroidVulnerabilities.org

Gingerbreak

(json)

• CVE numbers: CVE-2011-1823 [CVE-2011-1823]
• Coordinated disclosure?: false
• Categories: system
• Details: The vold volume manager daemon on Android 3.0 and 2.x before 2.3.4 trusts messages that are received from a PF_NETLINK socket, which allows local users to execute arbitrary code and gain root privileges [citation-needed]
• Discovered by: The Android Exploid Crew [citation-needed] on: Unknown
• Reported on: 2011-04-21 [c-skills-gingerbreak][archived], 2011-04-21 [xda-forum-gingerbreak]
• Fixed on: 2011-04-18 [patch-vold-gingerbreak], 2011-04-18 [patch-netd-gingerbreak], 2011-04-18 [patch-core-gingerbreak]
• Fix released on: 2011-04-29 [productforums-ard-2.3.4]
• Affected versions: 2.2, 2.3, 2.3.1, 3.0 [citation-needed] regex: (2.(([0-2].[0-9])|(3.[0-3])))|(3.0.[0-9])
• Affected devices: all [citation-needed]
• Affected manufacturers: all [citation-needed]
• Fixed versions: 2.3.4 [tag-android-2.3.4_r1], 3.1 [ard-dev-3.1-release][archived]
• Submission: by: Daniel R. Thomas, on: 2013-09-02