Main Vulnerability Database Vulnerabilities #VU43102

Buffer overflow in Google Android - CVE-2011-1352

Published: February 5, 2013 / Updated: August 11, 2020

Vulnerability identifier: #VU43102

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2011-1352

CWE-ID: CWE-119

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Google

Affected software:
Google Android

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

The PowerVR SGX driver in Android before 2.3.6 allows attackers to gain root privileges via an application that triggers kernel memory corruption using crafted user data to the pvrsrvkm device.

How to mitigate CVE-2011-1352

Install update from vendor's website.

Sources

http://code.google.com/p/android/issues/detail?id=21523
http://jon.oberheide.org/files/levitator.c

Buffer overflow in Google Android - CVE-2011-1352

Detailed vulnerability description

How to mitigate CVE-2011-1352

Sources

Please verify you're human