CVE-2011-1350

Android <2.3.6 - Info Disclosure

Title source: llm

Description

The PowerVR SGX driver in Android before 2.3.6 allows attackers to obtain potentially sensitive information from kernel stack memory via an application that uses a crafted length parameter in a request to the pvrsrvkm device.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Geremy Condra · cremoteandroid

https://www.exploit-db.com/exploits/38310

View Code ZIP pw:eip

References (2)

[Various Sources] http://jon.oberheide.org/files/levitator.c

[Vendor Advisory] http://code.google.com/p/android/issues/detail?id=21522

Scores

EPSS 0.0405

EPSS Percentile 88.5%

Details

CWE

CWE-200

Status published

Products (17)

google/android 1.0

google/android 1.1

google/android 1.5

google/android 1.6

google/android 2.0

google/android 2.0.1

google/android 2.1

google/android 2.2

google/android 2.2.1

google/android 2.2.2

... and 7 more

Published Feb 05, 2013

Tracked Since Feb 18, 2026