CVE-2017-0444 Google CVE debrief

CVE-2017-0444 is a high-severity elevation-of-privilege issue in the Realtek sound driver used by Android. According to the published description, a local malicious application could execute arbitrary code in kernel context. NVD associates the issue with Android versions up to 7.1.1 and Linux kernel 3.10, and the vendor advisory is linked from the Android security bulletin.

Vendor: Google
Product: CVE-2017-0444
CVSS: HIGH 7
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-02-08
Original CVE updated: 2026-05-13
Advisory published: 2017-02-08
Advisory updated: 2026-05-13

Who should care

Android OEMs, device maintainers, kernel and driver engineers, and security teams responsible for Android fleets should care most. Any environment that still runs affected Android builds or includes the referenced kernel/driver combination should treat this as a meaningful local privilege-escalation risk.

Technical summary

The vulnerability is described as an elevation of privilege in the Realtek sound driver. The impact is kernel-context code execution from a local malicious application. NVD records a CVSS 3.0 vector of AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H and marks the weakness as NVD-CWE-noinfo. The NVD CPE data lists Android up to 7.1.1 and Linux kernel 3.10 as vulnerable targets.

Defensive priority

High. Kernel-level privilege escalation can materially increase the impact of a local foothold, even though the attack requires local access and user interaction per the NVD vector.

Recommended defensive actions

  • Confirm whether any in-scope Android devices or builds include the affected Realtek sound driver or the referenced kernel line.
  • Apply the Android security bulletin fixes referenced by the vendor advisory for affected devices.
  • Prioritize removal, upgrade, or replacement of unmaintained Android/kernel builds that still match the vulnerable CPE ranges.
  • Restrict installation of untrusted applications and review device hardening controls that reduce local app execution paths.
  • Validate fleet exposure using device inventory and patch-level reporting rather than assuming all Android builds are unaffected.
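One way to run the inventory check described in the actions above, as an added example that is not part of the original debrief: it flags device records that fall inside the CPE ranges quoted on this page (Android up to 7.1.1, Linux kernel 3.10) and lists them oldest patch level first. The record field names and the sample inventory are constructed assumptions; the fixed patch-level string must be read from the vendor bulletin and is not hard-coded here.

```python
import re

# Ranges taken from the NVD CPE data quoted on this page.
MAX_ANDROID = (7, 1, 1)   # Android up to 7.1.1
KERNEL_LINE = (3, 10)     # Linux kernel 3.10

def parse_version(text):
    """Return the leading dotted-numeric part of a version string as a tuple."""
    m = re.match(r"\d+(?:\.\d+)*", text.strip())
    return tuple(int(p) for p in m.group(0).split(".")) if m else None

def pad(version, width=3):
    """Pad short versions with zeros so that 7.1 compares as 7.1.0."""
    return version + (0,) * (width - len(version))

def cpe_matches(device):
    """List the reasons a device record falls inside the page's CPE ranges."""
    reasons = []
    android = parse_version(device.get("android_release", ""))
    kernel = parse_version(device.get("kernel", ""))
    if android is None or kernel is None:
        reasons.append("unparsed version, check manually")
    if android is not None and pad(android) <= MAX_ANDROID:
        reasons.append("android<=7.1.1")
    if kernel is not None and kernel[:2] == KERNEL_LINE:
        reasons.append("kernel 3.10")
    return reasons

def triage(inventory):
    """Return (id, patch level, reasons) per flagged device, unknown/oldest patch level first."""
    hits = [(d["id"], d.get("patch_level", "unknown"), cpe_matches(d)) for d in inventory]
    hits = [h for h in hits if h[2]]
    return sorted(hits, key=lambda h: (h[1] != "unknown", h[1]))

# Constructed sample inventory (hypothetical field names and values).
INVENTORY = [
    {"id": "dev-a", "android_release": "7.1.1", "kernel": "3.10.73-g1234abc", "patch_level": "2017-01-05"},
    {"id": "dev-b", "android_release": "8.0.0", "kernel": "4.4.56", "patch_level": "2017-09-01"},
    {"id": "dev-c", "android_release": "5.1", "kernel": "3.10.49"},
    {"id": "dev-d", "android_release": "7.1.2", "kernel": "3.18.31", "patch_level": "2017-04-05"},
    {"id": "dev-e", "android_release": "", "kernel": "3.10.84", "patch_level": "2016-12-01"},
]

if __name__ == "__main__":
    for dev_id, patch, reasons in triage(INVENTORY):
        print(f"{dev_id}\tpatch_level={patch}\t{', '.join(reasons)}")
```

A CPE match only says the build is in the listed range; whether the Realtek sound driver is actually present still has to be confirmed per device.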

Evidence notes

The description states that a local malicious application could execute arbitrary code within kernel context and identifies the issue as an elevation of privilege in the Realtek sound driver. NVD metadata links the vendor advisory at source.android.com/security/bulletin/2017-02-01.html and lists vulnerable CPEs for Android up to 7.1.1 and Linux kernel 3.10. The NVD record also shows CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H and NVD-CWE-noinfo.

Official resources

Published 2017-02-08. The source record was last modified on 2026-05-13. The Android vendor advisory referenced by NVD is dated 2017-02-01.