High
Google Android could allow a local authenticated attacker to bypass security restrictions, caused by improper access control in vold’s IPC handlers related to incremental-fs (“mountIncFs”, “unmountIncFs”, “bindMount”). By executing a specially crafted program, an attacker could exploit this vulnerability to allow “system_server” to trigger mounting on directories that are not under system_server control.
Upgrade to the latest version of Android, available from the Google Web site.