Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The vold volume manager daemon on Android 3.0 and 2.x before 2.3.4 trusts messages that are received from a PF_NETLINK socket, which allows local users to execute arbitrary code and gain root privileges via a negative index that bypasses a maximum-only signed integer check in the DirectVolume::handlePartitionAdded method, which triggers memory corruption, as demonstrated by Gingerbreak.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Android vold volume管理器守护程序内存破坏漏洞
Vulnerability Description
Google Chrome是美国谷歌(Google)公司开发的一款Web浏览器。Android是美国谷歌(Google)公司和开放手持设备联盟(简称OHA)共同开发的一套以Linux为基础的开源操作系统。 Android 2.2.3版本的vold volume管理器守护程序信任从PF_NETLINK套接字接收的消息。本地用户可以借助负索引执行任意代码并获取根权限,该索引绕过了DirectVolume::handlePartitionAdded方法中的maximum-only整数检查机制,可触发内存破坏。
CVSS Information
N/A
Vulnerability Type
N/A