VYPR
High severity7.8CISA KEVNVD Advisory· Published Jun 9, 2011· Updated Jun 16, 2026

CVE-2011-1823

CVE-2011-1823

Description

The vold volume manager daemon on Android 3.0 and 2.x before 2.3.4 trusts messages that are received from a PF_NETLINK socket, which allows local users to execute arbitrary code and gain root privileges via a negative index that bypasses a maximum-only signed integer check in the DirectVolume::handlePartitionAdded method, which triggers memory corruption, as demonstrated by Gingerbreak.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3
  • Google/Android3 versions
    cpe:2.3:o:google:android:*:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:o:google:android:*:*:*:*:*:*:*:*range: >=2.0,<2.3.4
    • cpe:2.3:o:google:android:3.0:*:*:*:*:*:*:*
    • (no CPE)range: <2.3.4

Patches

Vulnerability mechanics

References

10

News mentions

0

No linked articles in our index yet.