Upstream information

CVE-2017-0605 at MITRE


An elevation of privilege vulnerability in the kernel trace subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35399704. References: QC-CR#1048480.

SUSE information

CVSS v2 Scores
  National Vulnerability Database SUSE
Base Score 9.33 6.89
Vector AV:N/AC:M/Au:N/C:C/I:C/A:C AV:L/AC:M/Au:N/C:C/I:C/A:C
Access Vector Network Local
Access Complexity Medium Medium
Authentication None None
Confidentiality Impact Complete Complete
Integrity Impact Complete Complete
Availability Impact Complete Complete
CVSS v3 Scores
  National Vulnerability Database
Base Score 7.8
Vector AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Access Vector Local
Access Complexity Low
Privileges Required None
User Interaction Required
Scope Unchanged
Confidentiality Impact High
Integrity Impact High
Availability Impact High

Note from the SUSE Security Team

This problem does not seem to be a valid issue, as care is taken of having delimiters earlier. We are currently considering no SUSE or openSUSE version affected.

SUSE Bugzilla entry: 1037331 [RESOLVED / INVALID]

No SUSE Security Announcements cross referenced.