CVE-2012-4220

Google Android - Denial of Service

Title source: rule

Description

diagchar_core.c in the Qualcomm Innovation Center (QuIC) Diagnostics (aka DIAG) kernel-mode driver for Android 2.3 through 4.2 allows attackers to execute arbitrary code or cause a denial of service (incorrect pointer dereference) via an application that uses crafted arguments in a local diagchar_ioctl call.

Exploits (2)

nomisec WORKING POC 16 stars

by poliva · poc

https://github.com/poliva/root-zte-open

View Code ZIP pw:eip

nomisec WORKING POC 12 stars

by hiikezoe · poc

https://github.com/hiikezoe/diaggetroot

View Code ZIP pw:eip

References (2)

Core 2

Core References

Various Sources x_refsource_confirm

https://www.codeaurora.org/projects/security-advisories/multiple-issues-diagkgsl-system-call-handling-cve-2012-4220-cve-2012

US Government Resource third-party-advisory x_refsource_cert-vn

http://www.kb.cert.org/vuls/id/702452

Scores

EPSS 0.1784

EPSS Percentile 95.2%

Details

Status published

Products (22)

google/android 2.3 (2 CPE variants)

google/android 2.3.1

google/android 2.3.2

google/android 2.3.3

google/android 2.3.4

google/android 2.3.5

google/android 2.3.6

google/android 2.3.7

google/android 3.0

google/android 3.1

... and 12 more

Published Nov 30, 2012

Tracked Since Feb 18, 2026