Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2017-0412Time-of-check Time-of-use (TOCTOU) Race Condition in INC Android

CWE-367Time-of-check Time-of-use (TOCTOU) Race Condition7 documents6 sources
Severity
7.8HIGHNVD
EPSS
1.4%
top 19.25%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Google INC AndroidGoogle Android
Timeline
PublishedFeb 8
Latest updateMay 13

Description

An elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 7.0, 7.1.1. Android ID: A-33039926.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

NVDgoogle/android7.0, 7.1.0, 7.1.1+2
CVEListV5google_inc/androidAndroid-7.0, Android-7.1.1+1

🔴Vulnerability Details

2
GHSA
GHSA-m4v5-74p5-r79x: An elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to execute arbitrary code within the context2022-05-13
OSV
CVE-2017-0412: An elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to execute arbitrary code within the context2017-02-08

💥Exploits & PoCs

2
Exploit-DB
Android - Inter-Process munmap due to Race Condition in ashmem2018-01-08
Exploit-DB
Google Android - android.util.MemoryIntArray Ashmem Race Conditions2017-02-14

📋Vendor Advisories

1
Android
CVE-2017-0412: Android Security Bulletin 2017-02-01 CVE: CVE-2017-0412 Severity: HIGH Affected AOSP versions: 72017-02-01

💬Community

1
Bugzilla
CVE-2017-2905 blender: Integer Overflow in the bmp loading functionality2018-08-01