PatchSiren

CVE-2017-0422 Google CVE debrief

CVE-2017-0422 is a high-severity Android denial-of-service issue in Bionic DNS. According to the supplied CVE record, a remote attacker can use a specially crafted network packet to cause an affected device to hang or reboot. The issue is rated High because it is network-reachable and can disrupt availability without authentication or user interaction.

Vendor: Google
Product: CVE-2017-0422
CVSS: HIGH 7.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-02-08
Original CVE updated: 2026-05-13
Advisory published: 2017-02-08
Advisory updated: 2026-05-13

Who should care

Android OEMs, mobile platform operators, enterprise mobility teams, and defenders managing affected Android devices should prioritize this issue, especially where devices run the versions named in the CVE description: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, and 7.1.1.

Technical summary

The NVD record lists a CVSS 3.0 base score of 7.5 with vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H and CWE-20. The described impact is availability-only: a specially crafted network packet can trigger a hang or reboot in Bionic DNS on affected Android releases. The corpus does not indicate confidentiality or integrity impact, and no exploit details are provided.

Defensive priority

High — this is a remote, unauthenticated, no-user-interaction denial-of-service condition with direct availability impact across multiple Android releases.

Recommended defensive actions

  • Apply the Android security bulletin and OEM-provided updates for affected devices as soon as they are available.
  • Inventory device models and Android releases to identify systems matching the affected versions named in the CVE.
  • Prioritize patching for devices that may receive untrusted network traffic or operate in exposed environments.
  • Monitor fleets for unexpected hangs, reboots, or repeated service instability that could indicate exposure to this issue.
  • If patching is delayed, reduce exposure to untrusted networks and use compensating controls until remediation is complete.

Evidence notes

This debrief is based on the supplied CVE description, the NVD record, and the Android security bulletin reference included in the source corpus. Timing context: the CVE was published on 2017-02-08T15:59:01.130Z. NVD assigns CVSS 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) and CWE-20, which aligns with a remotely triggerable availability impact. The corpus includes official and third-party references but no KEV listing.

Official resources

Publicly disclosed in the CVE/NVD record on 2017-02-08; no KEV entry is included in the supplied corpus.