Attacker Value
Very Low
(1 user assessed)
Exploitability
Low
(1 user assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

Calling getpidcon for One Way Binder Transactions Returns Wrong Security Context

Last updated February 13, 2020
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

The servicemanager, keystore and drmserver all use getpidcon function to get the security context of the caller from a binder. When combined with a one way binder transaction this results in getting the security context of the current process which might allow a selinux mac bypass.

Add Assessment

1
Ratings
  • Attacker Value
    Very Low
  • Exploitability
    Low
Technical Analysis

Unrealistic privilege escalation scenario, fixed in AOSP 2 years ago, but maybe usable in older versions.

General Information

Additional Info

Technical Analysis