VYPR
High severity7.0NVD Advisory· Published Jul 7, 2017· Updated Jun 17, 2026

CVE-2014-7953

CVE-2014-7953

Description

Race condition in the bindBackupAgent method in the ActivityManagerService in Android 4.4.4 allows local users with adb shell access to execute arbitrary code or any valid package as system by running "pm install" with the target apk, and simultaneously running a crafted script to process logcat's output looking for a dexopt line, which once found should execute bindBackupAgent with the uid member of the ApplicationInfo parameter set to 1000.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Google/Android2 versions
    cpe:2.3:o:google:android:4.4.4:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:google:android:4.4.4:*:*:*:*:*:*:*
    • (no CPE)range: 4.4.4

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.