CVE-2017-0787

Vulnerability

The Broadcom Wi-Fi driver in the Android kernel contains an elevation of privilege vulnerability, designated by Android ID A-37722970 and referenced as B-V2017053104. This flaw resides in the processing of Wi-Fi frames and can be triggered without user interaction. Affected versions include Android 7.0 Nougat, 7.1.1, 7.1.2, 8.0, and possibly earlier builds using the vulnerable Broadcom driver. The issue was publicly disclosed in the September 2017 Android Security Bulletin [1].

Exploitation

An attacker within Wi-Fi range can send a specially crafted Wi-Fi frame to a device running an affected Android version. No user interaction is required. The malformed frame triggers a buffer overflow or similar memory corruption in the Broadcom driver's firmware parsing code, allowing the attacker to execute arbitrary code within the context of the Wi-Fi driver.

Impact

Successful exploitation results in elevation of privilege, allowing the attacker to execute arbitrary code at the kernel level. This can lead to full compromise of the device's confidentiality, integrity, and availability, including the ability to install persistent malware, access sensitive data (e.g., encryption keys, passwords), and modify system settings.

Mitigation

Google released a fix as part of the Android Security Bulletin dated September 5, 2017. The patch is included in the Android Open Source Project (AOSP) repository and was distributed to supported devices via over-the-air (OTA) updates. Users should ensure their devices have received the September 2017 or later security patch level. No workaround is available; the vulnerability is addressed solely through the driver update [1].