PatchSiren cyber security CVE debrief

CVE-2017-0433 Google CVE debrief

CVE-2017-0433 is a high-severity elevation-of-privilege issue affecting Android-related builds and Linux kernel 3.10 systems that use the Synaptics touchscreen driver. According to the published description, a local malicious app could execute arbitrary code within the context of the touchscreen chipset, but the issue first requires compromising a privileged process. NVD ties the issue to Android versions up to 7.1.1 and lists an Android security bulletin patch reference.

Vendor: Google
Product: CVE-2017-0433
CVSS: HIGH 7
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-02-08
Original CVE updated: 2026-05-13
Advisory published: 2017-02-08
Advisory updated: 2026-05-13

Who should care

Android OEMs and device maintainers, kernel/driver teams, mobile security operations, and fleet administrators managing affected Android builds or Linux kernel 3.10 systems, especially where Synaptics touchscreen drivers are present.

Technical summary

NVD describes the flaw as a local attack with high complexity that requires no privileges at the point of exploitation but does require user interaction in the attack chain, with scope limited to the vulnerable component. The practical impact is elevation of privilege leading to arbitrary code execution in the touchscreen chipset context. The supplied corpus also links the issue to Android Security Bulletin 2017-02-01 and to affected CPEs including Android up to 7.1.1 and Linux kernel 3.10.

Defensive priority

High. Prioritize remediation for affected Android and kernel 3.10 devices because the issue enables privilege escalation and arbitrary code execution in a sensitive hardware-adjacent component, and a vendor patch reference is available in the Android security bulletin.

Recommended defensive actions

  • Apply the Android security bulletin fixes referenced for CVE-2017-0433 and verify that affected device builds are updated.
  • Inventory devices and firmware that use Synaptics touchscreen drivers, including Android 7.1.1-era builds and Linux kernel 3.10 deployments.
  • Coordinate with OEMs or firmware vendors for driver and kernel updates where the fix is delivered outside standard OS updates.
  • Treat the issue as a local privilege-escalation risk and review least-privilege boundaries for privileged processes on affected devices.
  • After patching, confirm remediation by checking build versions, vendor security bulletins, and device update status across the fleet.

Evidence notes

The debrief is based on the supplied CVE description, NVD record, and Android bulletin reference. NVD lists vulnerable CPEs for Android through 7.1.1 and Linux kernel 3.10, and references https://source.android.com/security/bulletin/2017-02-01.html as a patch/vendor advisory. The CVE was published on 2017-02-08 and the NVD record was last modified on 2026-05-13.

Official resources

CVE published: 2017-02-08T15:59:01.473Z. Vendor bulletin reference date in the supplied corpus: 2017-02-01. NVD record last modified: 2026-05-13T00:24:29.033Z.