Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2017-0411Time-of-check Time-of-use (TOCTOU) Race Condition in INC Android

CWE-367Time-of-check Time-of-use (TOCTOU) Race Condition6 documents6 sources
Severity
7.8HIGHNVD
EPSS
3.5%
top 12.30%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Google INC AndroidGoogle Android
Timeline
PublishedFeb 8
Latest updateMay 13

Description

An elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 7.0, 7.1.1. Android ID: A-33042690.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

NVDgoogle/android7.0, 7.1.0, 7.1.1+2
CVEListV5google_inc/androidAndroid-7.0, Android-7.1.1+1

🔴Vulnerability Details

2
GHSA
GHSA-5vxj-qrgr-4w8q: An elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to execute arbitrary code within the context2022-05-13
OSV
CVE-2017-0411: An elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to execute arbitrary code within the context2017-02-08

💥Exploits & PoCs

1
Exploit-DB
Google Android - Inter-process munmap in android.util.MemoryIntArray2017-02-14

📋Vendor Advisories

1
Android
CVE-2017-0411: Android Security Bulletin 2017-02-01 CVE: CVE-2017-0411 Severity: HIGH Affected AOSP versions: 72017-02-01

💬Community

1
Bugzilla
CVE-2017-2903 blender: Integer Overflow in the RADIANCE loading functionality2018-08-01