PatchSiren

CVE-2017-0429 Google CVE debrief

CVE-2017-0429 is a local elevation-of-privilege issue in the NVIDIA GPU driver used on Android devices. According to the supplied NVD record and Android security bulletin reference, a malicious local application could execute arbitrary code in kernel context, which raises the impact from ordinary app compromise to possible full device compromise. The source corpus rates the issue as High by CVSS v3.0 (7.8) and also describes the practical risk as critical because recovery may require reflashing the operating system.

Vendor: Google
Product: CVE-2017-0429
CVSS: HIGH 7.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-02-08
Original CVE updated: 2026-05-13
Advisory published: 2017-02-08
Advisory updated: 2026-05-13

Who should care

Android device owners and administrators, OEMs, mobile fleet managers, and security teams responsible for devices that use NVIDIA GPU drivers or older Android/Linux kernel builds. This is especially relevant where untrusted apps can be installed or where devices are not promptly receiving vendor security updates.

Technical summary

The NVD record identifies a kernel-context code execution path in the NVIDIA GPU driver. The supplied CVSS vector is AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H: local attack vector, low attack complexity, no privileges required, user interaction required, and unchanged scope, with high confidentiality, integrity, and availability impact once triggered. NVD maps affected products to Android up to 7.1.1 and Linux kernel 3.10. The cited weakness is CWE-787 (out-of-bounds write).

Defensive priority

High priority for patching on any in-scope Android device or embedded system using the affected NVIDIA GPU driver. Because the attack requires local execution and user interaction, it is not typically an internet-worm style issue, but successful exploitation could lead to kernel-level compromise and persistent remediation costs.

Recommended defensive actions

  • Apply the vendor security updates referenced by the Android security bulletin and NVIDIA advisory as soon as they are available for the affected device model.
  • Inventory Android devices and embedded systems using NVIDIA GPU drivers, with special attention to older Android builds and Linux kernel 3.10 systems.
  • Restrict installation of untrusted applications and enforce mobile application allowlisting where possible.
  • Use managed device controls to reduce exposure to risky app sources and to ensure timely security patch deployment.
  • Monitor for repeated kernel crashes, driver faults, or unusual instability that could indicate abuse of a graphics-driver memory-safety issue.
  • Retire or isolate devices that cannot receive security updates for the affected driver stack.

Evidence notes

The supplied corpus ties the issue to an Android GPU driver flaw with kernel-code-execution impact. NVD shows publication on 2017-02-08 and a later metadata modification on 2026-05-13; those later timestamps are record maintenance, not the original issue date. The corpus also lists affected CPEs for Android up to 7.1.1 and Linux kernel 3.10, with CWE-787 as the weakness classification.

Official resources

CVE-2017-0429 was published on 2017-02-08. The source corpus shows a later NVD metadata modification on 2026-05-13, which should not be treated as the vulnerability date.