CVE-2014-7953

HIGH

Android 4.4.4 - Race Condition in ActivityManagerService bindBackupAgent

Title source: llm

Description

Race condition in the bindBackupAgent method in the ActivityManagerService in Android 4.4.4 allows local users with adb shell access to execute arbitrary code or any valid package as system by running "pm install" with the target apk, and simultaneously running a crafted script to process logcat's output looking for a dexopt line, which once found should execute bindBackupAgent with the uid member of the ApplicationInfo parameter set to 1000.

References (4)

Core 4

Core References

Patch x_refsource_confirm

https://android.googlesource.com/platform/frameworks/base/+/a8f6d1b%5E%21/

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/535296/100/1100/threaded

Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc

http://seclists.org/fulldisclosure/2015/Apr/52

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/74213

Scores

CVSS v3 7.0

EPSS 0.0031

EPSS Percentile 22.4%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-362

Status published

Products (1)

google/android 4.4.4

Published Jul 07, 2017

Tracked Since Feb 18, 2026