CM9 RC1 is supposed to be running 4.0.4, right? Shouldn't that have been patched already? Though it also appears they have some bigger issues, like everything you type going out to the debug logs, passwords included.
If anyone can quickly point me at the CM9 kernel source, I can verify whether or not this is actually patched.
The vulnerability is looking checking to see if the mem_write() function is functional (where the vulnerability was present), which was removed/disabled by upstream AOSP.
