CVE-2017-0627Sensitive Information Exposure in INC Android

CWE-200Sensitive Information Exposure9 documents7 sources
Severity
4.7MEDIUMNVD
EPSS
0.3%
top 43.17%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Linux KernelGoogle INC AndroidGoogle Android
Timeline
PublishedMay 12
Latest updateMay 14

Description

An information disclosure vulnerability in the kernel UVC driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33300353.

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 1.0 | Impact: 3.6

Affected Packages4 packages

Ubuntulinux/linux_kernel< 3.13.0-151.201+1
NVDlinux/linux_kernel3.10, 3.18+1
CVEListV5google_inc/androidKernel-3.10, Kernel-3.18+1

Patches

Patch: source.android.comPatch: source.android.com

🔴Vulnerability Details

3
GHSA
GHSA-gfxj-7wmc-27p2: An information disclosure vulnerability in the kernel UVC driver could enable a local malicious application to access data outside of its permission l2022-05-14
OSV
linux vulnerabilities2018-06-11
OSV
CVE-2017-0627: An information disclosure vulnerability in the kernel UVC driver could enable a local malicious application to access data outside of its permission l2017-05-12

📋Vendor Advisories

4
Ubuntu
Linux kernel vulnerabilities2018-06-11
Ubuntu
Linux kernel (Trusty HWE) vulnerabilities2018-06-11
Android
CVE-2017-0627: Android Security Bulletin 2017-05-01 CVE: CVE-2017-0627 Severity: MEDIUM References: A-33300353*2017-05-01
Red Hat
kernel: Information disclosure vulnerability in kernel UVC driver2017-05-01

💬Community

1
Bugzilla
CVE-2017-0627 kernel: Information disclosure vulnerability in kernel UVC driver2017-05-11