CVE-2017-0489INC Android vulnerability

7 documents5 sources
Severity
5.5MEDIUMNVD
EPSS
0.1%
top 71.15%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Google INC AndroidGoogle Android
Timeline
PublishedMar 8
Latest updateMay 13

Description

An elevation of privilege vulnerability in Location Manager could enable a local malicious application to bypass operating system protections for location data. This issue is rated as Moderate because it could be used to generate inaccurate data. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33091107.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

NVDgoogle/android28 versions+27
CVEListV5google_inc/android7 versions+6

🔴Vulnerability Details

2
GHSA
GHSA-3v4f-v37f-fqg3: An elevation of privilege vulnerability in Location Manager could enable a local malicious application to bypass operating system protections for loca2022-05-13
OSV
CVE-2017-0489: An elevation of privilege vulnerability in Location Manager could enable a local malicious application to bypass operating system protections for loca2017-03-08

📋Vendor Advisories

1
Android
CVE-2017-0489: Android Security Bulletin 2017-03-01 CVE: CVE-2017-0489 Severity: MEDIUM Affected AOSP versions: 42017-03-01

💬Community

3
Bugzilla
CVE-2017-15137 atomic-openshift: image import whitelist can be bypassed by creating an imagestream or using oc tag2018-04-11
Bugzilla
CVE-2017-15138 atomic-openshift: cluster-reader can escalate to creating builds via webhooks in any project2018-04-11
Bugzilla
CVE-2017-14440 SDL2_image: code execution in the ILBM image rendering2018-03-06