PatchSiren cyber security CVE debrief

CVE-2017-0439 Linux CVE debrief

CVE-2017-0439 is a high-severity Android kernel issue in the Qualcomm Wi‑Fi driver. According to the CVE record, a local malicious app could reach arbitrary code execution in kernel context, and the description notes the attack first requires compromising a privileged process. The supplied record ties impact to Android builds through 7.1.1 and to Linux kernel 3.10 and 3.18.

Vendor: Linux
Product: CVE-2017-0439
CVSS: HIGH 7
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-02-08
Original CVE updated: 2026-05-13
Advisory published: 2017-02-08
Advisory updated: 2026-05-13

Who should care

Android OEMs, kernel maintainers, device fleet operators, and security teams responsible for Qualcomm Wi‑Fi driver backports on Android 7.1.1 and earlier, especially on kernel 3.10/3.18 branches.

Technical summary

The supplied references identify an out-of-bounds write in a Qualcomm Wi‑Fi driver function (hdd_extscan_passpoint_fill_network_list) and map the weakness to CWE-120. The issue is described as enabling arbitrary code execution in kernel context from a local malicious application, with the CVE text stating that exploitation first depends on compromising a privileged process. NVD lists Android versions through 7.1.1 and Linux kernel 3.10 and 3.18 as affected CPEs, and the Android Security Bulletin plus Code Aurora advisory are the primary vendor-linked references.

Defensive priority

High priority for patching affected Android OEM builds and kernel branches, but the issue is local and requires additional privilege compromise, so the main risk is post-compromise kernel escalation rather than remote exposure.

Recommended defensive actions

Apply the Android Security Bulletin 2017-02-01 fixes and vendor backports referenced by the CVE record.
Confirm whether any deployed devices use Android builds at or below 7.1.1 or kernels based on 3.10/3.18.
Track OEM and chipset-specific backports for the Qualcomm Wi‑Fi driver advisory in Code Aurora.
Prioritize updates for exposed or hard-to-update devices that run affected Android/kernel combinations.
Retire, isolate, or tightly control unsupported devices that cannot receive the vendor patch.

Evidence notes

The CVE record was published on 2017-02-08, and the later 2026-05-13 modification timestamp is metadata only. The supplied record cites Android Security Bulletin 2017-02-01 and Code Aurora as vendor references, while NVD associates the issue with Android <= 7.1.1 plus Linux kernel 3.10 and 3.18. The description and NVD weakness mapping support a kernel-level memory corruption issue (CWE-120) in a Qualcomm Wi‑Fi driver.

Official resources

CVE-2017-0439 CVE record
CVE.org
CVE-2017-0439 NVD detail
NVD
Source item URL
nvd_modified
Mitigation or vendor reference
[email protected] - Third Party Advisory, VDB Entry
Source reference
[email protected]
Mitigation or vendor reference
[email protected] - Vendor Advisory
Source reference
[email protected]

CVE published on 2017-02-08. The supplied record also carries a later 2026-05-13 modification timestamp, which should be treated as record metadata rather than the vulnerability date.