CVE-2017-0411 Google CVE debrief

Who should care

Android device owners and fleet administrators, OEM and MDM teams, and security teams managing devices that can install untrusted or sideloaded apps.

Technical summary

The issue is an elevation of privilege path in Android Framework APIs. NVD maps it to CWE-367 and rates it CVSS 3.0 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), indicating local access plus user interaction are needed, but successful exploitation can lead to code execution inside a privileged process.

Defensive priority

High. This is not a remote wormable issue, but it crosses a privileged trust boundary on affected Android builds and can materially increase an attacker's capabilities on a device. Prioritize patching devices that still run the affected Android 7.x releases.

Recommended defensive actions

• Apply the Android security update referenced by the vendor bulletin and verify the device build includes the relevant fix level.
• Inventory Android devices to identify affected 7.x builds, including the versions listed by NVD.
• Restrict sideloading and untrusted app installation where policy allows, and enforce app distribution controls through MDM or platform settings.
• Review installed third-party apps on affected devices and remove anything suspicious or unnecessary until patching is complete.
• Use normal mobile security monitoring to watch for unexpected privileged-process behavior or unexplained app crashes on affected devices.

Evidence notes

The supplied CVE record was published on 2017-02-08 and last modified on 2026-05-13. NVD references the Android security bulletin at https://source.android.com/security/bulletin/2017-02-01.html and lists affected Android CPEs for 7.0, 7.1.0, and 7.1.1. The corpus also includes third-party references (SecurityFocus BID 96056, SecurityTracker 1037798) and an Exploit-DB entry; no exploit details are included here.

Official resources