CVE-2017-0791

Vulnerability

The elevation of privilege vulnerability resides in the Broadcom Wi-Fi driver (bcmdhd) used in the Android kernel. A local attacker can trigger the flaw by sending a specially crafted IOCTL to the driver. The affected versions include Android kernel versions prior to the September 2017 security patch level (as referenced in A-37306719 and B-V2017052302) [1].

Exploitation

Exploitation requires the attacker to have local access to the device and the ability to execute a program that invokes the vulnerable IOCTL. No additional authentication is needed beyond normal user permissions. The attacker crafts an IOCTL call with malicious parameters that trigger a memory corruption or improper privilege separation within the driver [1].

Impact

Successful exploitation grants the attacker elevated privileges (root or system-level access) on the device. This bypasses Android's sandboxing and allows the attacker to execute arbitrary code in the kernel context, potentially leading to full device compromise including data theft, app manipulation, and persistent root access [1].

Mitigation

Google released a fix in the September 2017 Android Security Bulletin. Affected devices should apply the Android kernel update included in that bulletin. Users should ensure their device is running a security patch level of September 1, 2017 or later. No workaround other than applying the patch is available [1].