PatchSiren

PatchSiren cyber security CVE debrief

CVE-2017-0442 Linux CVE debrief

CVE-2017-0442 is a high-severity elevation-of-privilege issue in the Qualcomm Wi‑Fi driver used by affected Android/kernel builds. NVD says a local attacker could reach arbitrary code execution in kernel context, while the Android-linked advisory notes the issue first requires compromising a privileged process. In practical terms, this is a local-to-kernel escalation problem with high impact, but it is not a simple unauthenticated remote exploit.

Vendor
Linux
Product
CVE-2017-0442
CVSS
HIGH 7
CISA KEV
Not listed in stored evidence
Original CVE published
2017-02-08
Original CVE updated
2026-05-13
Advisory published
2017-02-08
Advisory updated
2026-05-13

Who should care

Android OEMs, device operators, and security teams responsible for Qualcomm-based firmware or kernel maintenance on affected Android devices and Linux kernel branches should treat this as a patching priority. It is especially relevant for fleets that still rely on older Android 7.1.1-era builds or kernel 3.10/3.18 derivatives.

Technical summary

The NVD record classifies the issue as CVSS 3.0 AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H and maps it to CWE-120. The vulnerability affects Android up to 7.1.1 and Linux kernel 3.10/3.18 CPEs in the NVD record, and the vendor-linked Android advisory identifies the Qualcomm Wi‑Fi driver as the affected component. The description indicates that successful exploitation can lead to arbitrary code execution in kernel context, but requires local conditions and, per the advisory summary, first compromising a privileged process.

Defensive priority

High. Kernel-context code execution makes this a serious issue for any exposed or long-lived affected device, even though exploitation requires local access and additional conditions.

Recommended defensive actions

  • Apply the Android/OEM security update that addresses Android ID A-32871330 and the Qualcomm reference QC-CR#1092497.
  • Verify whether any devices still run affected Android or kernel branches (including Android up to 7.1.1 and kernel 3.10/3.18 derivatives) and prioritize remediation or retirement.
  • Use vendor firmware channels to confirm the Wi‑Fi driver fix is actually present on devices, not just the OS build number.
  • Reduce the chance of privileged-process compromise by enforcing least privilege, app vetting, and strong mobile application controls.
  • Treat patched firmware validation as part of asset management for Android fleets, especially for devices that receive delayed OEM updates.

Evidence notes

This debrief is grounded in the supplied NVD record and the Android vendor advisory referenced by NVD. The CVE description states that a local malicious application could execute arbitrary code in kernel context and that the issue is high because it first requires compromising a privileged process. NVD lists affected CPEs for Android up to 7.1.1 and Linux kernel 3.10/3.18, gives CVSS 3.0 AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H, and maps the weakness to CWE-120. The advisory link from source.android.com corroborates the vendor-side remediation context.

Official resources

Publicly disclosed in the CVE record on 2017-02-08. NVD later updated the record on 2026-05-13; that later date is a record-modification timestamp, not the vulnerability's original issue date.