PatchSiren cyber security CVE debrief

CVE-2017-0432 Linux CVE debrief

CVE-2017-0432 is a high-severity elevation of privilege issue affecting an Android MediaTek driver in Kernel-3.10. The CVE description says a local malicious application could execute arbitrary code in kernel context, but exploitation first requires compromising a privileged process. In practice, that means the issue is most concerning on devices where an attacker already has some on-device foothold or can chain another bug to reach the privileged process boundary.

Vendor: Linux
Product: CVE-2017-0432
CVSS: HIGH 7
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-02-08
Original CVE updated: 2026-05-13
Advisory published: 2017-02-08
Advisory updated: 2026-05-13

Who should care

Android OEMs and device vendors, kernel and driver maintainers, mobile fleet security teams, and incident responders responsible for devices that include MediaTek components in Kernel-3.10.

Technical summary

The supplied sources describe a MediaTek driver flaw in Android Kernel-3.10 that can lead to arbitrary code execution in the kernel context. NVD classifies the issue with CVSS 3.0 vector AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H and lists a vulnerable Linux kernel 3.10 CPE, while the Android advisory reference identifies the Android security bulletin as the vendor patch source. The CVE text explicitly states that exploitation first requires compromising a privileged process.

Defensive priority

High. Prioritize affected Android Kernel-3.10/MediaTek deployments because successful exploitation can reach kernel context and materially affect confidentiality, integrity, and availability.

Recommended defensive actions

Confirm whether any supported devices or builds include the affected Android Kernel-3.10 MediaTek driver path referenced by the advisory.
Apply the Android security bulletin fixes or OEM backported patches associated with the 2017-02-01 bulletin reference, and verify the fix is present in shipped builds.
Rebuild or validate device images against the relevant security patch level before deployment to production fleets.
Treat devices with older Kernel-3.10 branches as higher priority for patch verification and lifecycle review.
Monitor for unusual privilege-escalation activity on impacted fleets, especially on devices with a local attacker foothold.

Evidence notes

The CVE was published in NVD on 2017-02-08 and later modified on 2026-05-13. The supplied NVD metadata describes an Android MediaTek driver issue and includes references to the Android security bulletin, SecurityFocus BID 96067, and SecurityTracker entry 1037798. NVD also maps the issue to linux:linux_kernel:3.10 and gives a CVSS 3.0 vector of AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H.

Official resources

CVE-2017-0432 CVE record
CVE.org
CVE-2017-0432 NVD detail
NVD
Source item URL
nvd_modified
Mitigation or vendor reference
[email protected] - Third Party Advisory, VDB Entry
Source reference
[email protected]
Mitigation or vendor reference
[email protected] - Patch, Vendor Advisory

Public CVE disclosure date in the supplied timeline is 2017-02-08; the referenced Android bulletin URL is dated 2017-02-01.