CVE-2019-1010221

Summary

LineageOS 16.0 and earlier is affected by: Incorrect Access Control. The impact is: The property checked by adb root can also be set in a normal adb shell session. The component is: adb shell (patches to fix this are at https://review.lineageos.org/c/LineageOS/android_system_core/+/234800, https://review.lineageos.org/c/LineageOS/android_device_lineage_sepolicy/+/234799). The attack vector is: When adb is enabled, and an attacker has physical access, adb shell setprop service.adb.root 1 allows restarting adb as root.

Affected Software

VendorProductVersion RangeStatus
LineageOSLineageOS16.0 and earlieraffected

Weaknesses

  • Incorrect Access Control

ADP Enrichment

CVE Program Container

Additional References

References