The Android operating system is affected by a zero-day privilege escalation bug residing in the V4L2 driver, Trend Micro’s Zero Day Initiative (ZDI) reveals.
V4L2 is a two-layer driver system for Linux that uses methods very similar to the regular Linux char driver methods, but with parameters specific for V4L2 drivers only. All V4L2 drivers are modules.
The discovered vulnerability resides in the manner in which the V4L2 driver on Android handles data.
“The specific flaw exists within the v4l2 driver. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this to escalate privileges in the context of the kernel,” ZDI says.
An attacker with access to a vulnerable device can exploit this security hole to escalate privileges.
If local access is not available, the attacker needs to first obtain the ability to execute low-privileged code on the target system, which would then allow them to exploit the vulnerability.
Although Google released a new set of patches for the Android platform only several days ago, this specific vulnerability remains unpatched.
Despite that, ZDI has decided to publish information on the security flaw, given that it first informed Google on its existence on March 13, 2019. The search giant informed ZDI that it plans on releasing a fix, but hasn’t provided details on when that might happen.
The vulnerability, ZDI says, has a CVSS score of 7.8. Its severity is likely diminished because local access is required for successful exploitation.
“Given the nature of the vulnerability, the only salient mitigation strategy is to restrict interaction with the service. Only the clients and servers that have a legitimate procedural relationship with the service should be permitted to communicate with it,” ZDI notes.
Related: Android’s September 2019 Patches Fix Nearly 50 Vulnerabilities
Related: Vulnerability in Network Provisioning Affects Majority of All Android Phones