Android vold Daemon Crafted FrameworkCommand Local Privilege Escalation (zergRush)
Mobile Phone / Hand-held Device
Loss of Integrity
Android is prone to an overflow condition. The vold daemon fails to properly sanitize user-supplied input when parsing specially crafted FrameworkCommands, causing a stack based buffer overflow. When the overflow occurs, the exploit returns to a chain of Return Oriented Exploitation (ROP) gaddgets that execute as root, escalating the attacker's privileges.
Upgrade to version Honeycomb (3.0) or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.