PatchSiren cyber security CVE debrief

CVE-2017-0430 Linux CVE debrief

CVE-2017-0430 is a local elevation-of-privilege issue in Broadcom Wi‑Fi driver code used by affected Android builds. A malicious local app could execute code in kernel context, and Android’s advisory states the bug may lead to permanent device compromise that could require reflashing to recover.

Vendor: Linux
Product: CVE-2017-0430
CVSS: HIGH 7.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-02-08
Original CVE updated: 2026-05-13
Advisory published: 2017-02-08
Advisory updated: 2026-05-13

Who should care

Android OEMs and carriers, endpoint and mobile device management teams, security operations teams, and users of affected Android devices or builds that include Broadcom Wi‑Fi driver code in kernel 3.10 or 3.18 paths.

Technical summary

The NVD record maps this issue to Android versions through 7.1.1 and to Linux kernel 3.10 and 3.18 CPEs. The vulnerability is local, requires user interaction, and can result in code execution with kernel-level impact. Android’s bulletin classifies it as Critical, while NVD assigns CVSS 3.0 7.8 (HIGH) with low attack complexity, no privileges required, and high confidentiality, integrity, and availability impact.

Defensive priority

High — prioritize patching on managed Android fleets, especially devices that can install third-party apps or run unsupported builds.

Recommended defensive actions

  • Apply the Android security update referenced in the 2017-02-01 Android Security Bulletin to affected devices.
  • Inventory devices and builds that include Broadcom Wi‑Fi driver code and confirm whether they match the affected Android/kernel scope in the record.
  • Upgrade or retire unsupported devices that cannot receive a vendor fix, since the advisory notes possible permanent device compromise.
  • Track Android and OEM security bulletins for backported fixes on device-specific firmware builds.

Evidence notes

Source evidence ties the issue to Android/Broadcom Wi‑Fi driver code and lists affected Android versions through 7.1.1 plus Linux kernel 3.10 and 3.18 CPEs. The Android Security Bulletin reference is marked as a patch/vendor advisory. NVD provides the CVSS vector (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). The CVE record was published on 2017-02-08 and later modified on 2026-05-13; those dates are record metadata, not the original issue date.

Official resources

Publicly disclosed in the Android Security Bulletin on 2017-02-01; the CVE record was published on 2017-02-08.