CVE-2019-1010221 Information
Feb 14, 2021
cve
Description
LineageOS 16.0 and earlier is affected by: Incorrect Access Control. The impact is: The property checked by adb root can also be set in a normal adb shell session. The component is: adb shell (patches to fix this are at https://review.lineageos.org/c/LineageOS/android_system_core/+/234800 https://review.lineageos.org/c/LineageOS/android_device_lineage_sepolicy/+/234799). The attack vector is: When adb is enabled and an attacker has physical access adb shell setprop service.adb.root 1 allows restarting adb as root.
CVSS Vector
CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Reference
https://gist.github.com/zifnab06/e31ad63596b63a95e061bfe1f49ff0a7
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
HIGH
Base Severity
6.8
Share on: