CVE-2011-1823

Name: CVE-2011-1823
Creator: NVD / NIST
Published: 2011-06-09T10:36:27.68+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 7.8/10Actively ExploitedEPSS 41.63%

Last modified Jun 16, 2026

CVE-2011-1823 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. The vold volume manager daemon on Android 3.0 and 2.x before 2.3.4 trusts messages that are received from a PF_NETLINK socket, which allows local users to execute arbitrary code and gain root privileges via a negative index that bypasses a maximum-only signed integer check in the DirectVolume::handlePartitionAdded method, which triggers memory corruption, as demonstrated by Gingerbreak.. CISA has confirmed active exploitation in the wild. EPSS estimates a 41.63% chance of exploitation in the next 30 days.

Description

The vold volume manager daemon on Android 3.0 and 2.x before 2.3.4 trusts messages that are received from a PF_NETLINK socket, which allows local users to execute arbitrary code and gain root privileges via a negative index that bypasses a maximum-only signed integer check in the DirectVolume::handlePartitionAdded method, which triggers memory corruption, as demonstrated by Gingerbreak.

Metrics

CVSS 3.1

7.8/10

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Probability

41.63%

98.5th percentile

Probability of exploitation in the next 30 days. Learn more

Exploitation Status

This vulnerability is listed in CISA’s Known Exploited Vulnerabilities catalog, confirming active exploitation in the wild. Federal agencies must remediate by Sep 29, 2022.

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Google	Android	>= 2.0, < 2.3.4
Google	Android	3.0

References

http://android.git.kernel.org/?p=platform/system/core.git%3Ba=commit%3Bh=b620a0b1c7ae486e979826200e8e441605b0a5d6Broken Link
http://android.git.kernel.org/?p=platform/system/netd.git%3Ba=commit%3Bh=79b579c92afc08ab12c0a5788d61f2dd2934836fBroken Link
http://android.git.kernel.org/?p=platform/system/vold.git%3Ba=commit%3Bh=c51920c82463b240e2be0430849837d6fdc5352eBroken Link
http://androidcommunity.com/gingerbreak-root-for-gingerbread-app-20110421/Broken Link
http://c-skills.blogspot.com/2011/04/yummy-yummy-gingerbreak.htmlExploit, Issue Tracking
http://forum.xda-developers.com/showthread.php?t=1044765Exploit, Issue Tracking
http://www.androidpolice.com/2011/05/03/google-patches-gingerbreak-exploit-but-dont-worry-we-still-have-root-for-now/Press/Media Coverage
http://xorl.wordpress.com/2011/04/28/android-vold-mpartminors-signedness-issue/Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/67977Third Party Advisory, VDB Entry
http://android.git.kernel.org/?p=platform/system/core.git%3Ba=commit%3Bh=b620a0b1c7ae486e979826200e8e441605b0a5d6Broken Link
http://android.git.kernel.org/?p=platform/system/netd.git%3Ba=commit%3Bh=79b579c92afc08ab12c0a5788d61f2dd2934836fBroken Link
http://android.git.kernel.org/?p=platform/system/vold.git%3Ba=commit%3Bh=c51920c82463b240e2be0430849837d6fdc5352eBroken Link
http://androidcommunity.com/gingerbreak-root-for-gingerbread-app-20110421/Broken Link
http://c-skills.blogspot.com/2011/04/yummy-yummy-gingerbreak.htmlExploit, Issue Tracking
http://forum.xda-developers.com/showthread.php?t=1044765Exploit, Issue Tracking
http://www.androidpolice.com/2011/05/03/google-patches-gingerbreak-exploit-but-dont-worry-we-still-have-root-for-now/Press/Media Coverage
http://xorl.wordpress.com/2011/04/28/android-vold-mpartminors-signedness-issue/Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/67977Third Party Advisory, VDB Entry
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2011-1823US Government Resource

Timeline

Published: Jun 9, 2011
Last Modified: Jun 16, 2026
Status: Analyzed

Frequently Asked Questions

What is CVE-2011-1823?

How severe is CVE-2011-1823?

CVE-2011-1823 has a CVSS score of 7.8/10 (HIGH severity). The EPSS model estimates a 41.63% probability of exploitation in the next 30 days. This vulnerability is listed in CISA's Known Exploited Vulnerabilities catalog.

How do I fix CVE-2011-1823?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2011-1823?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST