PatchSiren

PatchSiren cyber security CVE debrief

CVE-2017-0448 Google CVE debrief

CVE-2017-0448 is an Android information disclosure issue in the NVIDIA video driver. According to the supplied description, a local malicious application could access data outside its permitted scope, which makes the flaw relevant for devices where sensitive data exposure matters even without direct code execution. NVD rates the issue with CVSS 3.0 5.5 (Medium), but the impact can still be significant on affected Android devices because confidentiality is affected.

Vendor: Google
Product: CVE-2017-0448
CVSS: MEDIUM 5.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-02-08
Original CVE updated: 2026-05-13
Advisory published: 2017-02-08
Advisory updated: 2026-05-13

Who should care

Android device owners, mobile security teams, OEMs, and administrators responsible for devices that include the NVIDIA video driver, especially systems aligned to the supplied Android 7.1.1 and Linux kernel 3.10 CPE coverage.

Technical summary

The supplied NVD record describes an information disclosure weakness mapped to CWE-200. The CVSS vector is AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N, indicating a local attack that requires user interaction and primarily impacts confidentiality. The record references Android security bulletin guidance and lists affected Android and Linux kernel CPEs in the source corpus.

Defensive priority

Medium-High for exposed Android fleets; prioritize if affected devices may handle sensitive or regulated data.

Recommended defensive actions

  • Apply the vendor fix referenced in the Android security bulletin linked from the NVD record.
  • Inventory Android devices and builds that include the NVIDIA video driver, with attention to the Android and Linux kernel CPEs listed in the source corpus.
  • Confirm that devices are at or beyond the vendor-patched security level associated with the February 2017 Android bulletin.
  • Treat unpatched affected devices as confidentiality-risk assets and limit exposure of sensitive data until updates are verified.
  • Validate remediation using device security patch level checks and standard mobile fleet compliance reporting.

Evidence notes

This debrief is based only on the supplied NVD record and its official/vendor references. The source corpus states: information disclosure in the NVIDIA video driver, local malicious application access outside permission levels, Android product context, and reference to the Android security bulletin (2017-02-01). NVD lists CVSS 3.0 5.5 and CWE-200. Publication date used here is the CVE publishedAt timestamp (2017-02-08T15:59:01.957Z); the later 2026-05-13 modification timestamp is not treated as the issue date.

Official resources

CVE published 2017-02-08T15:59:01.957Z; NVD modified 2026-05-13T00:24:29.033Z. Use the published date as the vulnerability date context; the later modified date reflects record maintenance.