CVE-2017-0581

Name of the Vulnerable Software and Affected Versions Android versions prior to Kernel-3.18

Description The issue is related to an elevation of privilege vulnerability in the Synaptics Touchscreen driver, which could allow a remote attacker to elevate their privileges and execute arbitrary code within the context of the kernel using a local malicious application. This is made possible by insufficient access control to certain functions. The issue is rated as High because it first requires compromising a privileged process.

Recommendations For Android versions prior to Kernel-3.18, update to a version that includes the fix for this issue to prevent exploitation. As a temporary workaround, consider restricting access to the Synaptics Touchscreen driver until a patch is available.