PatchSiren cyber security CVE debrief

CVE-2017-0428 Google CVE debrief

CVE-2017-0428 is a local elevation-of-privilege issue in the NVIDIA GPU driver as used on Android. According to NVD, a malicious app on the device could reach kernel context, with the potential for arbitrary code execution and permanent device compromise. The vulnerability was published on 2017-02-08 and is rated critical in the source description, while NVD assigns CVSS 3.0 7.8 (HIGH).

Vendor: Google
Product: CVE-2017-0428
CVSS: HIGH 7.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-02-08
Original CVE updated: 2026-05-13
Advisory published: 2017-02-08
Advisory updated: 2026-05-13

Who should care

Android device owners, OEMs, fleet operators, and security teams responsible for devices that include the affected NVIDIA GPU driver or match the vulnerable Android/Linux kernel criteria in NVD metadata.

Technical summary

NVD describes the issue as a local privilege escalation in the NVIDIA GPU driver that may allow a malicious local application to execute arbitrary code in kernel context. The CVSS vector is AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, and NVD lists CWE-416 (Use After Free). The vulnerable CPE criteria in the supplied record include Android versions up to 7.1.1 and Linux kernel 3.10. The NVD reference set cites the Android Security Bulletin and an NVIDIA advisory reference.

Defensive priority

High — prioritize affected Android devices and any builds using the referenced NVIDIA GPU driver/kernel combination, because successful exploitation can lead to kernel-level compromise and potentially unrecoverable device impact.

Recommended defensive actions

Identify devices and builds that match the vulnerable Android or Linux kernel CPE criteria in NVD metadata.
Apply the Android security update referenced by the Android Security Bulletin and any vendor-specific GPU driver fix referenced by NVIDIA.
Validate whether your device fleet includes NVIDIA GPU driver components called out in the vendor and bulletin references.
Treat confirmed exposure as a high-priority endpoint hardening and patching issue because the impact includes kernel compromise.
If patching is not immediately available, restrict installation of untrusted apps and reduce local attack surface on exposed devices.
Reconfirm remediation against the affected build range after updates, especially for Android devices at or below the vulnerable versions listed by NVD.

Evidence notes

All claims are taken from the supplied NVD record and its cited references. The description states that a local malicious application could execute arbitrary code within kernel context and that the issue is critical due to possible local permanent device compromise requiring reflashing the operating system. NVD lists CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, CWE-416, and vulnerable CPE criteria for Android up to 7.1.1 and Linux kernel 3.10. The record also cites an NVIDIA advisory and the Android Security Bulletin 2017-02-01 as patch/vendor references.

Official resources

CVE-2017-0428 CVE record
CVE.org
CVE-2017-0428 NVD detail
NVD
Source item URL
nvd_modified
Source reference
[email protected]
Mitigation or vendor reference
[email protected] - Third Party Advisory, VDB Entry
Source reference
[email protected]
Mitigation or vendor reference
[email protected] - Patch, Vendor Advisory

CVE published by NVD on 2017-02-08; the supplied NVD references point to the Android Security Bulletin for 2017-02-01 and an NVIDIA advisory.