CVE-2012-4220

Android 2.3-4.2 - Remote Code Execution or Denial of Service via diagchar_ioctl

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2012-4220. PoCs published by poliva, hiikezoe.

AI-analyzed exploit summary This is a working exploit for CVE-2012-4220 targeting ZTE Open devices. It leverages a vulnerability in the diag driver to achieve local privilege escalation by manipulating kernel memory addresses.

Description

diagchar_core.c in the Qualcomm Innovation Center (QuIC) Diagnostics (aka DIAG) kernel-mode driver for Android 2.3 through 4.2 allows attackers to execute arbitrary code or cause a denial of service (incorrect pointer dereference) via an application that uses crafted arguments in a local diagchar_ioctl call.

Exploits (2)

nomisec WORKING POC 16 stars
by poliva · poc
https://github.com/poliva/root-zte-open

This is a working exploit for CVE-2012-4220 targeting ZTE Open devices. It leverages a vulnerability in the diag driver to achieve local privilege escalation by manipulating kernel memory addresses.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: ZTE Open (specific builds listed in code)
No auth needed
Prerequisites: Physical or local access to the device · Specific device and build ID match
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC 12 stars
by hiikezoe · poc
https://github.com/hiikezoe/diaggetroot

This exploit targets CVE-2012-4220, a local privilege escalation vulnerability in Android devices by injecting a malicious uevent_helper path via the diag driver. It supports specific device models and builds, and includes native code to achieve root access.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: Android devices (specific models: F-03D, SC-05D, SO-05D, IS17SH)
No auth needed
Prerequisites: Physical or local access to the target device · Specific device model and build ID
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/702452

Scores

EPSS 0.0303
EPSS Percentile 85.8%

Details

Status published
Products (22)
google/android 2.3 (2 CPE variants)
google/android 2.3.1
google/android 2.3.2
google/android 2.3.3
google/android 2.3.4
google/android 2.3.5
google/android 2.3.6
google/android 2.3.7
google/android 3.0
google/android 3.1
... and 12 more
Published Nov 30, 2012
Tracked Since Feb 18, 2026