CVE-2017-0546

An elevation of privilege vulnerability in SurfaceFlinger could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32628763.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
NONE
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
google_androidCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 25%
VendorProductVersion
googleandroid
4.0
googleandroid
4.0.1
googleandroid
4.0.2
googleandroid
4.0.3
googleandroid
4.0.4
googleandroid
4.1
googleandroid
4.1.2
googleandroid
4.2
googleandroid
4.2.1
googleandroid
4.2.2
googleandroid
4.3
googleandroid
4.3.1
googleandroid
4.4
googleandroid
4.4.1
googleandroid
4.4.2
googleandroid
4.4.3
googleandroid
4.4.4
googleandroid
5.0
googleandroid
5.0.1
googleandroid
5.0.2
googleandroid
5.1
googleandroid
5.1.0
googleandroid
5.1.1
googleandroid
6.0
googleandroid
6.0.1
googleandroid
7.0
googleandroid
7.1.0
googleandroid
7.1.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/97341
http://www.securitytracker.com/id/1038201
https://source.android.com/security/bulletin/2017-04-01
http://www.securityfocus.com/bid/97341
http://www.securitytracker.com/id/1038201
https://source.android.com/security/bulletin/2017-04-01