PatchSiren cyber security CVE debrief

CVE-2017-0435 Linux CVE debrief

CVE-2017-0435 is a high-severity elevation-of-privilege issue in the Qualcomm sound driver on Android. According to the CVE record, a local malicious application could potentially execute code in kernel context, but the issue is described as requiring prior compromise of a privileged process.

Vendor: Linux
Product: CVE-2017-0435
CVSS: HIGH 7
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-02-08
Original CVE updated: 2026-05-13
Advisory published: 2017-02-08
Advisory updated: 2026-05-13

Who should care

Android platform maintainers, device OEMs, kernel integrators, and defenders responsible for Qualcomm-based Android builds on affected kernel branches (Kernel-3.10 and Kernel-3.18).

Technical summary

The CVE record describes a vulnerability in the Qualcomm sound driver that could allow a local malicious app to gain kernel-level code execution. NVD maps the affected scope to Android versions up to 7.1.1 and to Linux kernel 3.10 and 3.18 CPEs, with a CVSS v3.0 vector of AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H. The Android security bulletin is cited in the source references.

Defensive priority

High

Recommended defensive actions

  • Verify whether your Android builds include Qualcomm sound driver components tied to the affected kernel branches.
  • Prioritize vendor security bulletins and upstream patches for Android kernel 3.10 and 3.18-based devices.
  • Deploy OEM or platform updates that address the Android security bulletin referenced in the source.
  • Treat devices without confirmed patch status as at-risk until firmware or OS updates are validated.
  • Use configuration and access controls to reduce exposure to untrusted local applications and privilege escalation paths.

Evidence notes

This debrief is based only on the supplied CVE description, the NVD record, and the referenced Android security bulletin link. The CVE description states the flaw is in the Qualcomm sound driver and may enable kernel-context code execution from a local malicious app. NVD lists affected CPEs for Android through 7.1.1 plus Linux kernel 3.10 and 3.18, and includes CVSS v3.0 AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H.

Official resources

Public CVE record published on 2017-02-08. The supplied source metadata also cites the Android security bulletin reference used in the record.