CVE-2017-13209

HIGH

Android 8.0-8.1 - Unauthenticated Missing Authorization in ServiceManager::add

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-13209. PoCs published by Google Security Research.

AI-analyzed exploit summary This exploit leverages a race condition in the Android hardware service manager to bypass SELinux access controls, allowing an attacker to replace critical system services. The PoC demonstrates hijacking the 'IBase' service by manipulating process PIDs during binder transactions.

Description

In the ServiceManager::add function in the hardware service manager, there is an insecure permissions check based on the PID of the caller which could allow an application or service to replace a HAL service with its own service. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-68217907.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Google Security Research · textdosandroid
https://www.exploit-db.com/exploits/43513

This exploit leverages a race condition in the Android hardware service manager to bypass SELinux access controls, allowing an attacker to replace critical system services. The PoC demonstrates hijacking the 'IBase' service by manipulating process PIDs during binder transactions.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Complex
Reliability
Racy
Target: Android hardware service manager (hwbinder) on versions up to 8.0.0_r4
No auth needed
Prerequisites: Access to the 'hwbinder' and 'Token Manager' services · Ability to fork processes and manipulate PIDs
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Vendor Advisory x_refsource_confirm
https://source.android.com/security/bulletin/2018-01-01
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/102415
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1040106
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/43513/

Scores

CVSS v3 7.8
EPSS 0.0077
EPSS Percentile 50.7%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-862
Status published
Products (2)
google/android 8.0
google/android 8.1
Published Jan 12, 2018
Tracked Since Feb 18, 2026