CVE-2017-0705

Vulnerability

A use-after-free vulnerability exists in the Broadcom Wi-Fi driver (bcmdhd) used by the Android kernel. The flaw, identified by Android ID A-34973477 and referenced as B-RB#119898, affects all Android kernels prior to the 2017-07-01 security patch level. The bug allows an already compromised process to further escalate its privileges because the driver fails to properly handle memory management during certain Wi-Fi operations.

Exploitation

An attacker must already have local, unprivileged code execution on the device (e.g., through an app or base compromise). No user interaction beyond the initial compromise is required. The exploit leverages the use-after-free in the bcmdhd driver to corrupt kernel memory; a public proof-of-concept (C code) exists on GitHub [2] demonstrating the sequence of triggering the free and reallocating controlled data to hijack execution.

Impact

Successful exploitation yields arbitrary kernel memory read/write, leading to complete elevation of privilege from an untrusted app to kernel context. The attacker gains full control over the Android device, including the ability to bypass all security mechanisms enforced by the kernel.

Mitigation

Google released a fix in the July 2017 Android Security Bulletin [1]; the patch level 2017-07-01 or later eliminates this vulnerability. Devices that no longer receive security updates remain exposed. There is no known workaround. CVE-2017-0705 is not listed on CISA KEV.