The CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Android 4.3 and 4.4 does not properly restrict the set of users who can execute /system/xbin/su with the --daemon option, which allows. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.
Privilege Escalation
Google
Superuser
Android
NVD
VulDB
CVSS 2.0
7.6
EPSS
0.2%