CVE-2014-2312
Description
The main function in android_main.cpp in thermald allows local users to write to arbitrary files via a symlink attack on /tmp/thermald.pid.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1Patches
Vulnerability mechanics
Root cause
"The thermald daemon opens a PID file in /tmp without proper protections, allowing a symlink attack."
Attack vector
A local attacker can exploit this vulnerability by creating a symbolic link in `/tmp` that points to a sensitive file. The thermald daemon, running with root privileges, will then write its PID to the file specified by the symbolic link, effectively overwriting the target file with the PID. This is possible on systems lacking specific protections against symlink attacks in world-writable directories [ref_id=2].
Affected code
The vulnerability exists in the `daemonize` function within `src/android_main.cpp`. Specifically, the `open()` call on the `pidfile` argument, which is set to `/tmp/thermald.pid` by default, allows for the symlink attack [ref_id=2].
What the fix does
The advisory does not provide details on a specific patch. However, it implies that systems with Openwall-inspired symlink and hardlink protections in world-writable directories are not affected. Remediation would involve ensuring that the PID file is created with appropriate permissions or in a more secure location to prevent overwriting by symbolic links [ref_id=2].
Preconditions
- inputThe attacker must have local access to the system.
- configThe system must be vulnerable to symlink attacks in world-writable directories like /tmp.
Generated on Jun 3, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
2- www.openwall.com/lists/oss-security/2014/03/08/4mitremailing-listx_refsource_MLIST
- www.openwall.com/lists/oss-security/2014/03/09/2mitremailing-listx_refsource_MLIST
News mentions
0No linked articles in our index yet.