CVE-2011-1350

Android < 2.3.6 - Information Exposure via PowerVR SGX Driver Request


Exploitation Summary

EIP tracks 1 public exploit for CVE-2011-1350. PoCs published by Geremy Condra.

AI-analyzed exploit summary: This exploit leverages CVE-2011-1350 (info leak) and CVE-2011-1352 (kernel memory corruption) in the PowerVR SGX driver to escalate privileges on Android < 2.3.6. It dumps kernel memory, poisons dev_attr_ro pointers, and triggers a root shell via a sysfs attribute.

Description

The PowerVR SGX driver in Android before 2.3.6 allows attackers to obtain potentially sensitive information from kernel stack memory via an application that uses a crafted length parameter in a request to the pvrsrvkm device.

Exploits (1)

exploitdb · WORKING POC · VERIFIED
by Geremy Condra · c · remote · android
https://www.exploit-db.com/exploits/38310

Classification: Working PoC 100%
Attack Type: LPE
Complexity: Complex
Reliability: Reliable
Target: Android < 2.3.6 with PowerVR SGX driver
No auth needed
Prerequisites: Access to /dev/pvrsrvkm · Kernel symbols in /proc/kallsyms
devstral-2 · analyzed Feb 16, 2026

References (2)

Core References
Various Sources (x_refsource_misc): http://jon.oberheide.org/files/levitator.c
Vendor Advisory (x_refsource_confirm): http://code.google.com/p/android/issues/detail?id=21522

Scores

EPSS 0.0111
EPSS Percentile 61.5%

Details

CWE: CWE-200
Status: published
Products (17)
google/android 1.0
google/android 1.1
google/android 1.5
google/android 1.6
google/android 2.0
google/android 2.0.1
google/android 2.1
google/android 2.2
google/android 2.2.1
google/android 2.2.2
... and 7 more
Published Feb 05, 2013
Tracked Since Feb 18, 2026