CVE-2017-0546

An elevation of privilege vulnerability in SurfaceFlinger could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32628763.

Published : 2017-04-07 22:59 Updated : 2019-10-03 00:03

9.3
CVSS Score More info
Score 9.3 / 10
9.3
Vendor Product Version URI
Google Android 7.1.0 cpe:/o:google:android:7.1.0
Google Android 7.1.1 cpe:/o:google:android:7.1.1
Google Android 5.0.2 cpe:/o:google:android:5.0.2
Google Android 5.1.1 cpe:/o:google:android:5.1.1
Google Android 4.0.2 cpe:/o:google:android:4.0.2
Google Android 4.0.1 cpe:/o:google:android:4.0.1
Google Android 6.0.1 cpe:/o:google:android:6.0.1
Google Android 4.4.4 cpe:/o:google:android:4.4.4
Google Android 4.4.3 cpe:/o:google:android:4.4.3
Google Android 4.4.2 cpe:/o:google:android:4.4.2
Google Android 4.4.1 cpe:/o:google:android:4.4.1
Google Android 4.0.4 cpe:/o:google:android:4.0.4
Google Android 4.2.2 cpe:/o:google:android:4.2.2
Google Android 4.3.1 cpe:/o:google:android:4.3.1
Google Android 4.0.3 cpe:/o:google:android:4.0.3
Google Android 4.1.2 cpe:/o:google:android:4.1.2
Google Android 4.2.1 cpe:/o:google:android:4.2.1
Google Android 6.0 cpe:/o:google:android:6.0
Google Android 5.1 cpe:/o:google:android:5.1
Google Android 4.2 cpe:/o:google:android:4.2
Google Android 5.0 cpe:/o:google:android:5.0
Google Android 4.1 cpe:/o:google:android:4.1
Google Android 5.0.1 cpe:/o:google:android:5.0.1
Google Android 5.1.0 cpe:/o:google:android:5.1.0
Google Android 4.4 cpe:/o:google:android:4.4
Google Android 7.0 cpe:/o:google:android:7.0
Google Android 4.3 cpe:/o:google:android:4.3
Google Android 4.0 cpe:/o:google:android:4.0
  1. Google (1) Search CVE
    1. Android (28) Search CVE
      1. 7.1.0
      2. 7.1.1
      3. 5.0.2
      4. 5.1.1
      5. 4.0.2
      6. 4.0.1
      7. 6.0.1
      8. 4.4.4
      9. 4.4.3
      10. 4.4.2
      11. 4.4.1
      12. 4.0.4
      13. 4.2.2
      14. 4.3.1
      15. 4.0.3
      16. 4.1.2
      17. 4.2.1
      18. 6.0
      19. 5.1
      20. 4.2
      21. 5.0
      22. 4.1
      23. 5.0.1
      24. 5.1.0
      25. 4.4
      26. 7.0
      27. 4.3
      28. 4.0

CWE

ID Name Description Links
CWE-476 NULL Pointer Dereference A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit. CVE

History of changes

Date Event
2019-10-03 00:03
2017-07-11 15:01
2017-04-07 22:59

New CVE