CVE-2017-9717
Description
A buffer overread in Netlink attribute parsing in Android for MSM, Firefox OS for MSM, and QRD Android could lead to information disclosure.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A buffer overread in Netlink attribute parsing in Android for MSM, Firefox OS for MSM, and QRD Android could lead to information disclosure.
Vulnerability
A buffer overread vulnerability exists in the Linux kernel's handling of Netlink attributes. This issue affects Android for MSM, Firefox OS for MSM, QRD Android, and all Android releases from CAF using the Linux kernel. The vulnerability occurs during parsing of Netlink attributes, allowing an attacker to read beyond the intended buffer boundaries.
Exploitation
An attacker with local user access can send a specially crafted Netlink message to trigger the buffer overread. No special permissions or user interaction are required beyond the ability to execute code on the device.
Impact
Successful exploitation could allow an attacker to read sensitive kernel memory, leading to information disclosure. The CVSS v3 base score is 7.5 (High), indicating significant potential for data leakage.
Mitigation
This vulnerability was addressed in the Android security patch level of 2017-10-01, as documented in the Pixel/Nexus Security Bulletin [1]. Users should apply the available security update to mitigate the risk. No workarounds are available.
AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- www.securityfocus.com/bid/101160nvdThird Party AdvisoryVDB Entry
- source.android.com/security/bulletin/pixel/2017-10-01nvdVendor Advisory
News mentions
0No linked articles in our index yet.