VYPR
← All advisories
High severity7.0NVD Advisory· Published Jun 14, 2017· Updated May 13, 2026

CVE-2017-0649

CVE-2017-0649

Description

An elevation of privilege vulnerability in the MediaTek sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and because of vulnerability specific details which limit the impact of the issue. Product: Android. Versions: N/A. Android ID: A-34468195. References: M-ALPS03162283.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A local elevation of privilege vulnerability in the MediaTek sound driver on Android allows arbitrary code execution in the kernel context.

Vulnerability

The vulnerability resides in the MediaTek sound driver, a kernel component on Android devices. A local malicious application can trigger an elevation of privilege by exploiting a flaw in this driver, leading to arbitrary code execution within the kernel. The issue affects Android devices with MediaTek chipsets prior to the June 2017 security update [1].

Exploitation

Exploitation requires a local malicious application that first compromises a privileged process, as noted in the Android Security Bulletin [1]. Once the attacker gains elevated privileges, they can leverage the sound driver vulnerability to execute arbitrary code in the kernel context. The exact sequence involves sending crafted inputs to the driver to trigger the flaw.

Impact

Successful exploitation grants the attacker arbitrary code execution at the kernel level, resulting in full compromise of the device. This includes the ability to read and modify sensitive data, install persistent malware, and bypass security mechanisms.

Mitigation

The vulnerability is addressed in the Android security patch level of June 5, 2017 [1]. Users should ensure their devices receive this update. No workarounds are available; applying the vendor-provided patch is the only mitigation.

References
  1. Android Security Bulletin—June 2017

AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

3
  • Google/Android2 versions
    cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*
    • (no CPE)range: Android-N/A
  • Mediatek/Sound Driverllm-create

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

3

News mentions

0

No linked articles in our index yet.