High severity7.8NVD Advisory· Published Aug 9, 2017· Updated May 13, 2026

CVE-2017-0749

Description

A elevation of privilege vulnerability in the Upstream Linux linux kernel. Product: Android. Versions: Android kernel. Android ID: A-36007735.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Elevation of privilege vulnerability in the Android kernel allows local attackers to gain elevated privileges.

Vulnerability

A elevation of privilege vulnerability exists in the Android kernel (based on upstream Linux). The exact code path is not publicly detailed, but it allows a local attacker to escalate privileges. Affected versions include all Android kernel builds prior to the August 2017 security update. The vulnerability is Android-specific and does not affect upstream Linux distributions [2][3].

Exploitation

An attacker must have local access to the device and the ability to execute arbitrary code. No user interaction is required. The exploitation steps are not publicly disclosed, but the vulnerability can be triggered by a crafted application or system call.

Impact

Successful exploitation results in elevation of privilege, allowing the attacker to execute arbitrary code in the kernel context. This can lead to full compromise of the device, including access to sensitive data and system functions.

Mitigation

Google released a fix in the Android Security Bulletin dated August 1, 2017 [1]. Users should apply the OTA update for their device. No workaround is available. The vulnerability is not present in upstream Linux kernels, so no action is needed for non-Android systems.

References

AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Google/Android2 versions
cpe:2.3:o:google:android:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:google:android:*:*:*:*:*:*:*:*range: <=7.1.2
- (no CPE)range: Android kernel
Google/Android kernelllm-fuzzy
Ubuntu/Linux Kernelllm-fuzzy

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/100215nvdThird Party AdvisoryVDB Entry
source.android.com/security/bulletin/2017-08-01nvdVendor Advisory
bugzilla.novell.com/show_bug.cginvd
people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-0749.htmlnvd
security-tracker.debian.org/tracker/CVE-2017-0749nvd

News mentions

No linked articles in our index yet.

cvss	0.507
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000