PT-2023-29871 · Kernelsu · Kernelsu

Qwerty472123 · Published 2023-10-30 · Updated 2023-11-14 · CVE-2023-46139

CVSS v3.1: 5.0 Medium

Vector: AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions

KernelSU versions 0.6.1 through 0.6.x

Description

The issue arises from a flaw in KernelSU's signature verification logic that allows malware with specially constructed app signing blocks to gain root privileges on infected devices. KernelSU's verification logic takes the signature from the last block with an ID of 0x7109871a, whereas the Android installation process takes the first one. There are also signature downgrade problems, where KernelSU mistakenly identifies a V1 signature as V2: the V2 signature is not actually found, yet KernelSU believes one exists, while the actual verification uses the V1 signature.

Recommendations

For KernelSU versions 0.6.1 through 0.6.x, update to version 0.7.0 to resolve the issue. As a temporary workaround, keep the KernelSU manager installed and avoid installing unknown apps to minimize the risk of exploitation.

Exploit

Fix

Incorrect Authorization

Weakness Enumeration

Related Identifiers

CVE-2023-46139
GHSA-86CP-3PRF-PWQQ

Affected Products

Kernelsu