PatchSiren cyber security CVE debrief
CVE-2017-0440 Linux CVE debrief
CVE-2017-0440 is a high-severity elevation-of-privilege issue affecting Android and Linux kernel 3.10/3.18. According to the NVD record and the Android security bulletin reference, a local malicious application could leverage a flaw in the Qualcomm Wi‑Fi driver to execute arbitrary code in kernel context. The reported risk is tempered by the need to first compromise a privileged process, but the potential impact remains severe because successful abuse can reach the kernel.
- Vendor: Linux
- Product: CVE-2017-0440
- CVSS: HIGH 7
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2017-02-08
- Original CVE updated: 2026-05-13
- Advisory published: 2017-02-08
- Advisory updated: 2026-05-13
Who should care
Android OEMs and security teams, device fleet owners, and maintainers of systems using affected Android kernel branches or Linux kernel 3.10/3.18 should review this issue. Teams responsible for Android platform security, driver validation, and kernel patch rollout should prioritize confirmation of exposure and patch status.
Technical summary
NVD classifies the issue with CVSS 3.0 vector AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H and weakness CWE-120. The vulnerability is described as an elevation of privilege in a Qualcomm Wi‑Fi driver that could enable arbitrary code execution in kernel context from a local attack path. The Android bulletin reference indicates the issue was addressed in Android security materials, and the NVD CPEs mark Android versions through 7.1.1 plus Linux kernel 3.10 and 3.18 as vulnerable.
Defensive priority
High. The attack is local and has notable prerequisites, but the outcome is kernel-context code execution with high confidentiality, integrity, and availability impact. Treat as a high-priority patch and exposure verification item for any affected Android or kernel-based deployment.
Recommended defensive actions
- Verify whether any devices or builds include the affected Android or kernel versions identified by NVD.
- Confirm vendor patch level and whether the Android security bulletin update for 2017-02-01 is present.
- Prioritize remediation on exposed mobile fleets and embedded systems that ship the affected Qualcomm Wi‑Fi driver stack.
- Monitor for signs of privilege escalation or unexpected kernel instability on potentially affected systems.
- Track downstream OEM and carrier patch availability where direct OS updates are not immediately available.
Evidence notes
This debrief is based on the NVD CVE record, which lists Android CPE coverage through 7.1.1 and Linux kernel 3.10/3.18, plus references to the Android security bulletin and third-party advisories. The CVE description states the flaw is in a Qualcomm Wi‑Fi driver and may allow arbitrary kernel-code execution after compromising a privileged process. The published date used here is the CVE publication time from the supplied record; the later modified timestamp is not treated as the vulnerability date.
Official resources
- CVE-2017-0440 CVE record (CVE.org)
- CVE-2017-0440 NVD detail (NVD)
- Source item URL (nvd_modified)
- Mitigation or vendor reference: [email protected] - Third Party Advisory, VDB Entry
- Source reference
- Mitigation or vendor reference: [email protected] - Vendor Advisory
CVE published 2017-02-08T15:59:01.677Z; latest supplied modification timestamp 2026-05-13T00:24:29.033Z. Use the publication date as the disclosure date context.