Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
The logic of get apk path in KernelSU module can be bypassed
Vulnerability Description
KernelSU is a Kernel-based root solution for Android devices. In versions 0.7.1 and prior, the logic of get apk path in KernelSU kernel module can be bypassed, which causes any malicious apk named `me.weishu.kernelsu` get root permission. If a KernelSU module installed device try to install any not checked apk which package name equal to the official KernelSU Manager, it can take over root privileges on the device. As of time of publication, a patched version is not available.
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Vulnerability Type
使用欺骗进行的认证绕过
Vulnerability Title
KernelSU 安全漏洞
Vulnerability Description
kernelsu是一种基于内核的Android设备获取root权限的方案。 KernelSU 0.7.1及之前版本存在安全漏洞,该漏洞源于KernelSU内核模块中获取apk路径的逻辑可以被绕过,从而导致任何名为 me.weishu.kernelsu 的恶意apk都可以获得root权限。
CVSS Information
N/A
Vulnerability Type
N/A