CVE-2011-1823

HIGH KEV

Android <2.3.4 - Privilege Escalation

Exploitation Summary

CVE-2011-1823 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added September 8, 2022.

Description

The vold volume manager daemon on Android 3.0 and 2.x before 2.3.4 trusts messages that are received from a PF_NETLINK socket, which allows local users to execute arbitrary code and gain root privileges via a negative index that bypasses a maximum-only signed integer check in the DirectVolume::handlePartitionAdded method, which triggers memory corruption, as demonstrated by Gingerbreak.
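The bug class named in the description, as an added example (not code from vold or from this record): a simplified C model showing a maximum-only check accepting a negative signed index and a two-sided check rejecting it. The table size, function names and sample inputs are all constructed for illustration.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

#define MAX_PARTITIONS 4                 /* hypothetical table size */

static int part_minors[MAX_PARTITIONS];  /* hypothetical per-partition table */

/* Parse a decimal field taken from an untrusted message; 0 on success. */
static int parse_int(const char *s, int *out) {
    char *end;
    errno = 0;
    long v = strtol(s, &end, 10);
    if (errno || end == s || *end != '\0' || v < INT_MIN || v > INT_MAX)
        return -1;
    *out = (int)v;
    return 0;
}

/* Weak form: only the upper bound is tested, so a negative signed value
 * passes. Reports the slot that would be indexed; no write is performed. */
int slot_max_only(const char *field, int *slot) {
    int n;
    if (parse_int(field, &n) != 0) return -1;
    if (n > MAX_PARTITIONS) return -1;   /* maximum-only check */
    *slot = n - 1;                       /* negative n gives a slot below 0 */
    return 0;
}

/* Hardened form: both bounds are checked before the index is used. */
int store_minor_checked(const char *field, int minor) {
    int n;
    if (parse_int(field, &n) != 0) return -1;
    if (n < 1 || n > MAX_PARTITIONS) return -1;
    part_minors[n - 1] = minor;
    return 0;
}

int main(void) {
    const char *samples[] = { "1", "4", "5", "-3", "x" };  /* constructed inputs */
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++) {
        int slot = 0;
        int weak = slot_max_only(samples[i], &slot);
        int hard = store_minor_checked(samples[i], 8);
        printf("%-3s max-only:%s checked:%s\n", samples[i],
               weak == 0 ? "accept" : "reject", hard == 0 ? "accept" : "reject");
    }
    return 0;
}
```

Validating the index on both sides addresses the CWE-190 aspect; the description's other point, that the daemon trusts whatever arrives on the PF_NETLINK socket, is a separate sender-authentication problem that this model does not cover.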

Scores

CVSS v3 7.8
EPSS 0.3834
EPSS Percentile 97.3%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation active
Automatable no
Technical Impact total

Details

CISA KEV 2022-09-08
VulnCheck KEV 2021-08-17
ENISA EUVD EUVD-2011-1821
CWE CWE-190
Status published
Products (2)
google/android 3.0
google/android 2.0 - 2.3.4
Published Jun 09, 2011
KEV Added Sep 08, 2022
Tracked Since Feb 18, 2026