[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2017-0553Date: (C)2017-04-11   (M)2023-12-22


An elevation of privilege vulnerability in libnl could enable a local malicious application to execute arbitrary code within the context of the Wi-Fi service. This issue is rated as Moderate because it first requires compromising a privileged process and is mitigated by current platform configurations. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32342065. NOTE: this issue also exists in the upstream libnl before 3.3.0 library.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : 7.0CVSS Score : 7.6
Exploit Score: 1.0Exploit Score: 4.9
Impact Score: 5.9Impact Score: 10.0
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: LOCALAccess Vector: NETWORK
Attack Complexity: HIGHAccess Complexity: HIGH
Privileges Required: NONEAuthentication: NONE
User Interaction: REQUIREDConfidentiality: COMPLETE
Scope: UNCHANGEDIntegrity: COMPLETE
Confidentiality: HIGHAvailability: COMPLETE
Integrity: HIGH 
Availability: HIGH 
  
Reference:
SECTRACK-1038201
BID-97340
FEDORA-2017-34f6e70fdd
FEDORA-2017-7a5363b41d
RHSA-2017:2299
USN-3311-1
USN-3311-2
http://lists.infradead.org/pipermail/libnl/2017-May/002313.html
http://git.infradead.org/users/tgr/libnl.git/commit/3e18948f17148e6a3c4255bdeaaf01ef6081ceeb
https://source.android.com/security/bulletin/2017-04-01

CPE    11
cpe:/o:google:android:5.1
cpe:/o:google:android:6.0
cpe:/o:google:android:7.0
cpe:/o:google:android:6.0.1
...
CWE    1
CWE-190
OVAL    11
oval:org.secpod.oval:def:505767
oval:org.secpod.oval:def:204693
oval:org.secpod.oval:def:204597
oval:org.secpod.oval:def:204599
...

© SecPod Technologies