PT-2017-1914 · Google+3 · Android+3

Daxing Guo

Published

2017-04-07

Updated

2019-10-03

CVE-2017-0553

CVSS v2.0

7.6

High

Vector

AV:N/AC:H/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Android versions 5.0.2 through 7.1.1

Description The issue is related to insufficient access control in the libnl service of the Android operating system. It allows a remote attacker to execute arbitrary code within the context of the Wi-Fi service using a local malicious application. This issue is rated as moderate because it requires compromising a privileged process and is mitigated by current platform configurations.

Recommendations For Android versions 5.0.2 through 7.1.1, update to a version that includes the fix for this issue, specifically to a version that utilizes libnl 3.3.0 or later. As a temporary workaround, consider restricting access to the Wi-Fi service to minimize the risk of exploitation.

Fix

LPE

Integer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264CWE-190

Related Identifiers

BDU:2017-01074

CESA-2017_2299

CVE-2017-0553

DLA-891-1

DLA-892-1

MGASA-2017-0158

RHSA-2017:2299

RHSA-2017_2299

USN-3311-1

USN-3311-2

Affected Products

Android

Centos

Red Hat

Ubuntu

PT-2017-1914 · Google+3 · Android+3

CVE-2017-0553

Weakness Enumeration

Related Identifiers

Affected Products

References · 26