CVE-2023-49794

KernelSU is a Kernel-based root solution for Android devices. In versions 0.7.1 and prior, the logic of get apk path in KernelSU kernel module can be bypassed, which causes any malicious apk named `me.weishu.kernelsu` get root permission. If a KernelSU module installed device try to install any not checked apk which package name equal to the official KernelSU Manager, it can take over root privileges on the device. As of time of publication, a patched version is not available.

CVSS v3.0 7.8 HIGH

7.8^/10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/tiann/KernelSU/security/advisories/GHSA-8rc5-x54x-5qc4	Exploit Vendor Advisory
https://drive.google.com/file/d/1b9UrmG_co9EJXB_yMBneRArUIR5sTuaN/view?usp=drive_link	Product

Configurations

Configuration 1 (hide)

cpe:2.3:a:kernelsu:kernelsu:*:*:*:*:*:*:*:*

History

08 Jan 2024, 19:37

Type	Values Removed	Values Added
First Time		Kernelsu Kernelsu kernelsu
CPE		cpe:2.3:a:kernelsu:kernelsu::::::::
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.8
References	~~() https://github.com/tiann/KernelSU/security/advisories/GHSA-8rc5-x54x-5qc4 -~~	() https://github.com/tiann/KernelSU/security/advisories/GHSA-8rc5-x54x-5qc4 - Exploit, Vendor Advisory
References	~~() https://drive.google.com/file/d/1b9UrmG_co9EJXB_yMBneRArUIR5sTuaN/view?usp=drive_link -~~	() https://drive.google.com/file/d/1b9UrmG_co9EJXB_yMBneRArUIR5sTuaN/view?usp=drive_link - Product

02 Jan 2024, 20:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-01-02 20:15

Updated : 2024-01-08 19:37

NVD link : CVE-2023-49794

Mitre link : CVE-2023-49794

JSON object : View

Products Affected

kernelsu

kernelsu

CWE

CWE-290

Authentication Bypass by Spoofing

7.8 /10