CVE-2017-0410 Google CVE debrief

Who should care

Android device owners and fleet operators, mobile security teams, OEM/update managers, and app-allowlist/MDM administrators should care most. The risk is highest for environments that support user-installed apps on devices running affected Android versions.

Technical summary

NVD describes the flaw as an elevation-of-privilege issue in Android Framework APIs that could allow a local malicious application to execute arbitrary code in the context of a privileged process. NVD assigns CVSS 3.0 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) and lists CWE-190 as the primary weakness. The affected versions in the supplied corpus are Android 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, and 7.1.1.

Defensive priority

High. The attack requires local access and user interaction, but the impact is privileged code execution on affected Android builds, which warrants prompt patching and fleet verification.

Recommended defensive actions

• Apply the Android security bulletin updates referenced for this issue to all affected devices as soon as vendor builds are available.
• Inventory Android devices and confirm none remain on the affected versions listed in the CVE record (5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1).
• Use MDM, app-allowlisting, or similar controls to reduce the chance of untrusted application installation on exposed devices.
• Prioritize remediation for devices that handle sensitive data or have elevated enterprise access.
• Retire, isolate, or closely manage devices that cannot receive security updates.

Evidence notes

Timing context: the CVE was published on 2017-02-08 and the supplied NVD record was modified on 2026-05-13; the modification date is not the issue date. The supplied official references include the Android security bulletin (source.android.com/security/bulletin/2017-02-01.html), and the NVD record enumerates the affected Android versions and CVSS/CWE metadata used in this debrief.

Official resources