Vulnerability Details : CVE-2017-0553
An elevation of privilege vulnerability in libnl could enable a local malicious application to execute arbitrary code within the context of the Wi-Fi service. This issue is rated as Moderate because it first requires compromising a privileged process and is mitigated by current platform configurations. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32342065. NOTE: this issue also exists in the upstream libnl before 3.3.0 library.
Published
2017-04-07 22:59:01
Updated
2019-10-03 00:03:26
Vulnerability category: OverflowExecute codeGain privilege
Products affected by CVE-2017-0553
- cpe:2.3:o:google:android:5.1.1:*:*:*:*:*:*:*
- cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*
- cpe:2.3:o:google:android:5.0.2:*:*:*:*:*:*:*
- cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:google:android:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:google:android:5.0.1:*:*:*:*:*:*:*
- cpe:2.3:o:google:android:5.1:*:*:*:*:*:*:*
- cpe:2.3:o:google:android:5.1.0:*:*:*:*:*:*:*
- cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:google:android:7.1.0:*:*:*:*:*:*:*
- cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-0553
0.22%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 61 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-0553
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.6
|
HIGH | AV:N/AC:H/Au:N/C:C/I:C/A:C |
4.9
|
10.0
|
NIST | |
7.0
|
HIGH | CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H |
1.0
|
5.9
|
NIST |
CWE ids for CVE-2017-0553
-
The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-0553
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6VCF5KS6HOJZLFIY2ZSXSVSDQX65A2PU/
[SECURITY] Fedora 24 Update: libnl3-3.2.28-5.fc24 - package-announce - Fedora Mailing-Lists
-
http://git.infradead.org/users/tgr/libnl.git/commit/3e18948f17148e6a3c4255bdeaaf01ef6081ceeb
git.infradead.org Git - users/tgr/libnl.git/commit
-
https://usn.ubuntu.com/usn/usn-3311-1/
USN-3311-1: libnl vulnerability | Ubuntu security notices
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KIHASXRQO2YTQPKVP4VGIB2XHPANG6YX/
[SECURITY] Fedora 25 Update: libnl3-3.2.29-3.fc25 - package-announce - Fedora Mailing-Lists
-
http://www.securityfocus.com/bid/97340
Google Android libnl CVE-2017-0553 Remote Privilege Escalation VulnerabilityThird Party Advisory;VDB Entry
-
https://source.android.com/security/bulletin/2017-04-01
Android Security Bulletin—April 2017 | Android Open Source ProjectVendor Advisory
-
https://access.redhat.com/errata/RHSA-2017:2299
RHSA-2017:2299 - Security Advisory - Red Hat Customer Portal
-
http://www.ubuntu.com/usn/USN-3311-2
USN-3311-2: libnl vulnerability | Ubuntu security notices
-
http://www.securitytracker.com/id/1038201
Google Android Multiple Flaws Let Users Deny Service, Obtain Potentially Sensitive Information, and Gain Elevated Privileges and Let Remote Users Execute Arbitrary Code - SecurityTracker
-
http://lists.infradead.org/pipermail/libnl/2017-May/002313.html
ANN: libnl 3.3.0 released
Jump to