PatchSiren cyber security CVE debrief

CVE-2017-0438 Linux CVE debrief

CVE-2017-0438 is a high-severity Android kernel vulnerability affecting Qualcomm Wi‑Fi driver code in Android kernel 3.10 and 3.18 builds. The advisory says a local malicious application could execute arbitrary code in kernel context, with the issue rated High because it first requires compromising a privileged process. NVD also classifies the issue as local, high-complexity, and high-impact. Administrators should treat this as a kernel patching issue for affected Android devices and downstream OEM builds.

Vendor: Linux
Product: CVE-2017-0438
CVSS: HIGH 7
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-02-08
Original CVE updated: 2026-05-13
Advisory published: 2017-02-08
Advisory updated: 2026-05-13

Who should care

Android OEMs, device maintainers, and enterprise teams managing Android fleets that ship kernel-3.10 or kernel-3.18 builds with Qualcomm Wi‑Fi driver code. Security teams responsible for backported Android kernel patches should also review their device-specific builds, especially where third-party app installation is allowed.

Technical summary

The CVE describes an elevation-of-privilege flaw in the Qualcomm Wi‑Fi driver on Android. The primary impact is kernel-context arbitrary code execution from a local malicious application. The NVD record maps the issue to Android versions up to 7.1.1 and Linux kernel 3.10 and 3.18 CPEs, and assigns CVSS 3.0 vector AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H with CWE-120.

Defensive priority

High. This is a kernel-level issue with potential for full device compromise within the kernel context, but the published data indicates nontrivial exploitation conditions. It should still be prioritized alongside other kernel and OEM firmware updates because affected devices may remain vulnerable until vendor backports are applied.

Recommended defensive actions

Check whether any supported Android devices, downstream builds, or custom ROMs include affected Qualcomm Wi‑Fi driver code from kernel 3.10 or 3.18.
Apply the Android Security Bulletin 2017-02-01 updates and any OEM/vendor backports that address this CVE.
Verify patch status across all device variants, including vendor kernels and long-term-support branches that may not share the same upstream version strings.
Prioritize remediation on fleets that allow untrusted third-party app installation or that run older Android releases mapped by NVD as vulnerable through 7.1.1.

Evidence notes

The corpus ties this CVE to an Android vendor advisory dated 2017-02-01 and an NVD record published on 2017-02-08. NVD lists affected CPEs for Android up to 7.1.1 and Linux kernel 3.10/3.18, and records CVSS 3.0 AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H plus CWE-120. The source corpus also contains a vendor-attribution mismatch: the provided vendor field says Linux, while the description and references clearly point to Android/Qualcomm Wi‑Fi driver content.

Official resources

CVE-2017-0438 CVE record
CVE.org
CVE-2017-0438 NVD detail
NVD
Source item URL
nvd_modified
Mitigation or vendor reference
[email protected] - Third Party Advisory, VDB Entry
Source reference
[email protected]
Mitigation or vendor reference
[email protected] - Vendor Advisory

Publicly disclosed in the Android Security Bulletin dated 2017-02-01 and recorded in NVD on 2017-02-08.