High severity7.8NVD Advisory· Published Jul 6, 2017· Updated May 13, 2026

CVE-2017-6247

Description

An elevation of privilege vulnerability in the NVIDIA sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High due to the possibility of local arbitrary code execution in a privileged process in the kernel. Product: Android. Versions: N/A. Android ID: A-34386301. References: N-CVE-2017-6247.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Local elevation of privilege in NVIDIA sound driver on Android allows arbitrary code execution in kernel.

Vulnerability

The vulnerability resides in the NVIDIA sound driver on Android devices. A local malicious application can trigger an elevation of privilege to execute arbitrary code within the kernel context. The specific affected driver versions are not listed in the available references, but the issue is addressed in the Android Security Bulletin for June 2017 [1].

Exploitation

An attacker must have the ability to install and run a malicious application on the target device. The application can then exploit the vulnerability by sending a crafted request to the NVIDIA sound driver, without requiring additional authentication or user interaction beyond installation.

Impact

Successful exploitation allows the attacker to execute arbitrary code in the kernel, resulting in full compromise of the device. This includes the ability to access sensitive data, modify system settings, and install persistent malware, all with kernel-level privileges.

Mitigation

The fix is included in the Android Security Bulletin dated June 2017 [1]. Users should ensure their device's security patch level is set to 2017-06-01 or later. No workaround is available; applying the update is the recommended mitigation.

References

Android Security Bulletin—June 2017

AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Google/Android2 versions
cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*
- (no CPE)
Mediatek/Sound Driverllm-fuzzy
Nvidia Corporation/Androidv5
Range: NA

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/98876nvdThird Party AdvisoryVDB Entry
www.securitytracker.com/id/1038623nvdThird Party AdvisoryVDB Entry
source.android.com/security/bulletin/2017-06-01nvdVendor Advisory

News mentions

No linked articles in our index yet.

cvss	0.507
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000