It has been reported that the android.permission.CHANGE_WIFI_PASSWORD permission is required to exploit this issue.

CVE-2017-13168: It has been reported that a race condition exists in the handling of socket messages that could lead to information disclosure. This has been mitigated by the introduction of the recvmsg system call in version 3.2 of the Linux kernel.

CVE-2017-18004: It has been reported that the ftrace subsystem of the Linux kernel exposes sensitive information from ftrace dumps.

CVE-2017-18005: It has been reported that the proc_keys subsystem of the Linux kernel does not validate component ids for DMA masks, allowing a potential information leak.

CVE-2017-18006: It has been reported that the mount system call in the Linux kernel does not check for the existence of an init_mounts structure before attempting to unmount a setuid root directory. This could allow local users to bypass intended access restrictions by calling mount with the -o option and then unmounting their own directory.

CVE-2017-18007: It has been reported that the mprotect system call in the Linux kernel does not properly set component length values during certain operations, allowing a local user to obtain potentially sensitive information from uninitialized stack data by executing a crafted program.

CVE-2017-

Check the Android version before starting any task

Before you start any task, make sure your Android device is running the latest update.
To check if your device is up to date, visit Settings -> About Phone -> System Updates and check whether a new version is available.

How to exploit the issue?

In order to exploit this issue, an attacker must be able to execute commands as root.
An attacker could exploit this issue by tricking a user into installing a malicious application that has the android.permission.CHANGE_WIFI_PASSWORD permission. This malicious application would then cause the permissions for the wifi service to change (e.g., from android.permission.CHANGE_WIFI_STATE to android.permission.CHANGE_WIFI_PASSWORD).

Timeline

Published on: 11/17/2022 23:15:00 UTC
Last modified on: 11/22/2022 16:07:00 UTC

References