CVE-2017-0529Sensitive Information Exposure in Google Android

CWE-200Sensitive Information Exposure4 documents4 sources
Severity
5.5MEDIUMNVD
EPSS
0.1%
top 68.29%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Google AndroidGoogle INC Android
Timeline
PublishedMar 8
Latest updateMay 17

Description

An information disclosure vulnerability in the MediaTek driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: N/A. Android ID: A-28449427. References: M-ALPS02710042.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

NVDgoogle/android7.1.1
CVEListV5google_inc/androidn/a

Patches

Patch: source.android.com

🔴Vulnerability Details

2
GHSA
GHSA-x697-cgvq-8g7h: An information disclosure vulnerability in the MediaTek driver could enable a local malicious application to access data outside of its permission lev2022-05-17
OSV
CVE-2017-0529: An information disclosure vulnerability in the MediaTek driver could enable a local malicious application to access data outside of its permission lev2017-03-08

📋Vendor Advisories

1
Android
CVE-2017-0529: Android Security Bulletin 2017-03-01 CVE: CVE-2017-0529 Severity: HIGH References: A-28449427* M-ALPS027100422017-03-01