PatchSiren

CVE-2017-0419 Google CVE debrief

CVE-2017-0419 is a high-severity Android elevation-of-privilege vulnerability in Audioserver. According to the published advisory and NVD record, a local malicious application could use the issue to execute arbitrary code within the context of a privileged process, gaining capabilities that are not normally available to third-party apps. The vulnerability was published on 2017-02-08 and affects multiple Android versions, including 4.4.4 through 7.1.1.

Vendor: Google
Product: CVE-2017-0419
CVSS: HIGH 7.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-02-08
Original CVE updated: 2026-05-13
Advisory published: 2017-02-08
Advisory updated: 2026-05-13

Who should care

Android device owners and administrators, OEM security teams, mobile device management (MDM) operators, and app security teams should care most. The issue matters wherever untrusted apps can be installed, because the attack requires local app execution and targets a privileged system component.

Technical summary

NVD describes the weakness as an elevation-of-privilege issue in Audioserver with the CVSS 3.0 vector CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The vector reflects local access, low attack complexity, no privileges required, and user interaction required. The source corpus does not provide a detailed root-cause analysis, and NVD classifies the weakness as NVD-CWE-noinfo. The affected set in NVD spans many Android releases, including 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, and 7.1.1. The vendor advisory is referenced in the Android security bulletin for 2017-02-01.

Defensive priority

High. The issue is local but can lead to privilege escalation inside a privileged process, with high impact to confidentiality, integrity, and availability per the CVSS vector. Broad version coverage and the presence of a vendor advisory make timely patching important.

Recommended defensive actions

  • Apply the Android security updates referenced in the 2017-02-01 Android security bulletin as soon as practical.
  • Verify fleet exposure across all affected Android versions listed by NVD, especially devices still running older supported builds.
  • Prioritize remediation on devices that allow sideloading or have broad app installation rights, since the attack path requires a malicious local app.
  • Use MDM/compliance tooling to inventory patch levels and quarantine devices that cannot be updated.
  • Review app-install policies and trusted-source controls to reduce the chance of untrusted local apps being present on managed devices.

Evidence notes

The CVE record supplied in the corpus states that the issue affects Android and that a local malicious application could execute arbitrary code in the context of a privileged process. The NVD record provides the CVSS vector and affected CPEs, and the Android vendor advisory is referenced by URL in the source metadata. Timing context: the CVE was published on 2017-02-08 and later modified on 2026-05-13 in the provided timeline; those dates come from the supplied record, not from this debrief generation time.

Official resources

The CVE was published on 2017-02-08 and the supplied record shows a later modified date of 2026-05-13. The vendor advisory referenced in the source corpus is dated 2017-02-01. These dates are included for timing context only and should not,