cvelistv5 - cve-2017-0561

CVE-2017-0561 (GCVE-0-2017-0561)

Vulnerability from cvelistv5

Published

2017-04-07 22:00

Modified

2024-08-05 13:11

Severity ?

CWE

Remote code execution

Summary

A remote code execution vulnerability in the Broadcom Wi-Fi firmware could enable a remote attacker to execute arbitrary code within the context of the Wi-Fi SoC. This issue is rated as Critical due to the possibility of remote code execution in the context of the Wi-Fi SoC. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34199105. References: B-RB#110814.

References

URL

Tags

security@android.com	http://www.securityfocus.com/bid/97367	Third Party Advisory, VDB Entry
security@android.com	http://www.securitytracker.com/id/1038201
security@android.com	https://lists.debian.org/debian-lts-announce/2018/11/msg00015.html
security@android.com	https://source.android.com/security/bulletin/2017-04-01	Patch, Vendor Advisory
security@android.com	https://www.exploit-db.com/exploits/41805/
security@android.com	https://www.exploit-db.com/exploits/41806/
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/97367	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1038201
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2018/11/msg00015.html
af854a3a-2127-422b-91ae-364da2661108	https://source.android.com/security/bulletin/2017-04-01	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/41805/
af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/41806/

Impacted products

	Vendor	Product	Version
	Google Inc.	Android	Version: Kernel-3.10 Version: Kernel-3.18

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:11:06.443Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "97367",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/97367"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://source.android.com/security/bulletin/2017-04-01"
          },
          {
            "name": "41805",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/41805/"
          },
          {
            "name": "[debian-lts-announce] 20181113 [SECURITY] [DLA 1573-1] firmware-nonfree security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00015.html"
          },
          {
            "name": "41806",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/41806/"
          },
          {
            "name": "1038201",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1038201"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Android",
          "vendor": "Google Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "Kernel-3.10"
            },
            {
              "status": "affected",
              "version": "Kernel-3.18"
            }
          ]
        }
      ],
      "datePublic": "2017-04-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A remote code execution vulnerability in the Broadcom Wi-Fi firmware could enable a remote attacker to execute arbitrary code within the context of the Wi-Fi SoC. This issue is rated as Critical due to the possibility of remote code execution in the context of the Wi-Fi SoC. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34199105. References: B-RB#110814."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Remote code execution",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-11-13T10:57:01",
        "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
        "shortName": "google_android"
      },
      "references": [
        {
          "name": "97367",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/97367"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://source.android.com/security/bulletin/2017-04-01"
        },
        {
          "name": "41805",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/41805/"
        },
        {
          "name": "[debian-lts-announce] 20181113 [SECURITY] [DLA 1573-1] firmware-nonfree security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00015.html"
        },
        {
          "name": "41806",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/41806/"
        },
        {
          "name": "1038201",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1038201"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@android.com",
          "ID": "CVE-2017-0561",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Android",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Kernel-3.10"
                          },
                          {
                            "version_value": "Kernel-3.18"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Google Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A remote code execution vulnerability in the Broadcom Wi-Fi firmware could enable a remote attacker to execute arbitrary code within the context of the Wi-Fi SoC. This issue is rated as Critical due to the possibility of remote code execution in the context of the Wi-Fi SoC. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34199105. References: B-RB#110814."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Remote code execution"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "97367",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/97367"
            },
            {
              "name": "https://source.android.com/security/bulletin/2017-04-01",
              "refsource": "CONFIRM",
              "url": "https://source.android.com/security/bulletin/2017-04-01"
            },
            {
              "name": "41805",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/41805/"
            },
            {
              "name": "[debian-lts-announce] 20181113 [SECURITY] [DLA 1573-1] firmware-nonfree security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00015.html"
            },
            {
              "name": "41806",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/41806/"
            },
            {
              "name": "1038201",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1038201"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
    "assignerShortName": "google_android",
    "cveId": "CVE-2017-0561",
    "datePublished": "2017-04-07T22:00:00",
    "dateReserved": "2016-11-29T00:00:00",
    "dateUpdated": "2024-08-05T13:11:06.443Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-0561\",\"sourceIdentifier\":\"security@android.com\",\"published\":\"2017-04-07T22:59:00.967\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A remote code execution vulnerability in the Broadcom Wi-Fi firmware could enable a remote attacker to execute arbitrary code within the context of the Wi-Fi SoC. This issue is rated as Critical due to the possibility of remote code execution in the context of the Wi-Fi SoC. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34199105. References: B-RB#110814.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en el firmware de Broadcom Wi-Fi podr\u00eda permitir a un atacante remoto ejecutar c\u00f3digo arbitrario dentro del contexto del SoC Wi-Fi. Este problema est\u00e1 clasificado como cr\u00edtico debido a la posibilidad de ejecuci\u00f3n remota de c\u00f3digo en el contexto del Wi-Fi SoC. Producto: Android. Versiones: Kernel-3.10, Kernel-3.18. ID de Android: A-34199105. Referencias: B-RB#110814.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":10.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:3.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1C37F47C-C217-4BCF-A758-14E1BDBAD63D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:3.18:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"364CAD86-F652-4B84-932A-A8D9146C9010\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/97367\",\"source\":\"security@android.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1038201\",\"source\":\"security@android.com\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2018/11/msg00015.html\",\"source\":\"security@android.com\"},{\"url\":\"https://source.android.com/security/bulletin/2017-04-01\",\"source\":\"security@android.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://www.exploit-db.com/exploits/41805/\",\"source\":\"security@android.com\"},{\"url\":\"https://www.exploit-db.com/exploits/41806/\",\"source\":\"security@android.com\"},{\"url\":\"http://www.securityfocus.com/bid/97367\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1038201\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2018/11/msg00015.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://source.android.com/security/bulletin/2017-04-01\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://www.exploit-db.com/exploits/41805/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.exploit-db.com/exploits/41806/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

CERTFR-2017-AVI-099

Vulnerability from certfr_avis

De multiples vulnérabilités ont été corrigées dans Google Android (Nexus). Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire à distance et un déni de service à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Google Android (Nexus) toutes versions n'intégrant pas le correctif de sécurité du 3 avril 2017

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Android du 03 avril 2017

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eGoogle Android (Nexus) toutes versions n\u0027int\u00e9grant pas le  correctif de s\u00e9curit\u00e9 du 3 avril 2017\u003c/P\u003e",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2017-0554",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0554"
    },
    {
      "name": "CVE-2016-7097",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7097"
    },
    {
      "name": "CVE-2017-0585",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0585"
    },
    {
      "name": "CVE-2017-0544",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0544"
    },
    {
      "name": "CVE-2017-0543",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0543"
    },
    {
      "name": "CVE-2017-0574",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0574"
    },
    {
      "name": "CVE-2016-5129",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5129"
    },
    {
      "name": "CVE-2017-0332",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0332"
    },
    {
      "name": "CVE-2017-0329",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0329"
    },
    {
      "name": "CVE-2014-9936",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9936"
    },
    {
      "name": "CVE-2017-0546",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0546"
    },
    {
      "name": "CVE-2017-0580",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0580"
    },
    {
      "name": "CVE-2017-0572",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0572"
    },
    {
      "name": "CVE-2017-6425",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-6425"
    },
    {
      "name": "CVE-2014-0206",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0206"
    },
    {
      "name": "CVE-2014-9933",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9933"
    },
    {
      "name": "CVE-2016-5349",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5349"
    },
    {
      "name": "CVE-2017-0565",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0565"
    },
    {
      "name": "CVE-2017-0558",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0558"
    },
    {
      "name": "CVE-2017-0573",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0573"
    },
    {
      "name": "CVE-2017-0556",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0556"
    },
    {
      "name": "CVE-2017-0564",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0564"
    },
    {
      "name": "CVE-2016-5346",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5346"
    },
    {
      "name": "CVE-2016-1022",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1022"
    },
    {
      "name": "CVE-2014-9932",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9932"
    },
    {
      "name": "CVE-2017-0568",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0568"
    },
    {
      "name": "CVE-2017-0555",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0555"
    },
    {
      "name": "CVE-2017-0548",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0548"
    },
    {
      "name": "CVE-2014-1739",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1739"
    },
    {
      "name": "CVE-2017-0542",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0542"
    },
    {
      "name": "CVE-2017-0586",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0586"
    },
    {
      "name": "CVE-2017-0327",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0327"
    },
    {
      "name": "CVE-2017-0541",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0541"
    },
    {
      "name": "CVE-2014-2706",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2706"
    },
    {
      "name": "CVE-2017-0579",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0579"
    },
    {
      "name": "CVE-2017-0577",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0577"
    },
    {
      "name": "CVE-2017-0561",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0561"
    },
    {
      "name": "CVE-2014-9935",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9935"
    },
    {
      "name": "CVE-2017-0538",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0538"
    },
    {
      "name": "CVE-2017-0566",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0566"
    },
    {
      "name": "CVE-2015-8997",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8997"
    },
    {
      "name": "CVE-2017-0339",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0339"
    },
    {
      "name": "CVE-2017-0570",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0570"
    },
    {
      "name": "CVE-2017-0560",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0560"
    },
    {
      "name": "CVE-2017-0539",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0539"
    },
    {
      "name": "CVE-2016-8465",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-8465"
    },
    {
      "name": "CVE-2015-8995",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8995"
    },
    {
      "name": "CVE-2017-0584",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0584"
    },
    {
      "name": "CVE-2014-9922",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9922"
    },
    {
      "name": "CVE-2017-0462",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0462"
    },
    {
      "name": "CVE-2017-0454",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0454"
    },
    {
      "name": "CVE-2017-0325",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0325"
    },
    {
      "name": "CVE-2014-9934",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9934"
    },
    {
      "name": "CVE-2017-0563",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0563"
    },
    {
      "name": "CVE-2014-9937",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9937"
    },
    {
      "name": "CVE-2015-8996",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8996"
    },
    {
      "name": "CVE-2017-0562",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0562"
    },
    {
      "name": "CVE-2017-0575",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0575"
    },
    {
      "name": "CVE-2015-8999",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8999"
    },
    {
      "name": "CVE-2016-1024",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1024"
    },
    {
      "name": "CVE-2017-6424",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-6424"
    },
    {
      "name": "CVE-2017-0545",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0545"
    },
    {
      "name": "CVE-2017-0581",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0581"
    },
    {
      "name": "CVE-2015-8998",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8998"
    },
    {
      "name": "CVE-2017-0328",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0328"
    },
    {
      "name": "CVE-2017-0559",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0559"
    },
    {
      "name": "CVE-2014-9931",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9931"
    },
    {
      "name": "CVE-2016-1023",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1023"
    },
    {
      "name": "CVE-2017-0567",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0567"
    },
    {
      "name": "CVE-2017-0569",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0569"
    },
    {
      "name": "CVE-2017-0583",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0583"
    },
    {
      "name": "CVE-2017-6426",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-6426"
    },
    {
      "name": "CVE-2015-9003",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-9003"
    },
    {
      "name": "CVE-2017-0557",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0557"
    },
    {
      "name": "CVE-2017-0551",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0551"
    },
    {
      "name": "CVE-2017-0550",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0550"
    },
    {
      "name": "CVE-2017-0552",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0552"
    },
    {
      "name": "CVE-2017-0571",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0571"
    },
    {
      "name": "CVE-2015-9001",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-9001"
    },
    {
      "name": "CVE-2017-0578",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0578"
    },
    {
      "name": "CVE-2017-0547",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0547"
    },
    {
      "name": "CVE-2014-3145",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3145"
    },
    {
      "name": "CVE-2015-9000",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-9000"
    },
    {
      "name": "CVE-2017-0549",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0549"
    },
    {
      "name": "CVE-2014-4656",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4656"
    },
    {
      "name": "CVE-2016-8489",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-8489"
    },
    {
      "name": "CVE-2017-6423",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-6423"
    },
    {
      "name": "CVE-2015-9002",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-9002"
    },
    {
      "name": "CVE-2017-0330",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0330"
    },
    {
      "name": "CVE-2017-0553",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0553"
    },
    {
      "name": "CVE-2017-0540",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0540"
    },
    {
      "name": "CVE-2017-0576",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0576"
    },
    {
      "name": "CVE-2017-0582",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0582"
    }
  ],
  "initial_release_date": "2017-04-04T00:00:00",
  "last_revision_date": "2017-04-04T00:00:00",
  "links": [],
  "reference": "CERTFR-2017-AVI-099",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2017-04-04T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eGoogle Android (Nexus)\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non\nsp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une ex\u00e9cution de code arbitraire \u00e0 distance et\nun d\u00e9ni de service \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Google Android (Nexus)",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Android du 03 avril 2017",
      "url": "http://source.android.com/security/bulletin/2017-04-01.html"
    }
  ]
}

CERTFR-2017-AVI-138

Vulnerability from certfr_avis

De multiples vulnérabilités ont été corrigées dans Google Chrome. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Google	Chrome	Google Chrome OS versions antérieures à 58.0.3029.89
	Google	Chrome	Google Chrome versions antérieures à 58.0.3029.96

References

Title

Publication Time

Tags

Bulletin de sécurité Google du 02 mai 2017	None	vendor-advisory
Bulletin de sécurité Google Chrome OS du 02 mai 2017	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Google Chrome OS versions ant\u00e9rieures \u00e0 58.0.3029.89",
      "product": {
        "name": "Chrome",
        "vendor": {
          "name": "Google",
          "scada": false
        }
      }
    },
    {
      "description": "Google Chrome versions ant\u00e9rieures \u00e0 58.0.3029.96",
      "product": {
        "name": "Chrome",
        "vendor": {
          "name": "Google",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2017-0561",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0561"
    },
    {
      "name": "CVE-2017-5068",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-5068"
    }
  ],
  "initial_release_date": "2017-05-03T00:00:00",
  "last_revision_date": "2017-05-03T00:00:00",
  "links": [],
  "reference": "CERTFR-2017-AVI-138",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2017-05-03T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eGoogle Chrome\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance et un\ncontournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Google Chrome",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Google du 02 mai 2017",
      "url": "https://chromereleases.googleblog.com/2017/05/stable-channel-update-for-desktop.html?utm_source=feedburner\u0026utm_medium=feed\u0026utm_campaign=Feed%3A+GoogleChromeReleases+%28Google+Chrome+Releases%29"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Google Chrome OS du 02 mai 2017",
      "url": "https://chromereleases.googleblog.com/2017/05/stable-channel-update-for-chrome-os.html?utm_source=feedburner\u0026utm_medium=feed\u0026utm_campaign=Feed:+GoogleChromeReleases+(Google+Chrome+Releases)"
    }
  ]
}

cnvd-2017-04553

Vulnerability from cnvd

Title

Google Android远程代码执行漏洞（CNVD-2017-04553）

Description

Android是基于Linux开放性内核的手机操作系统。 Google Android在Broadcom Wi-Fi固件中存在远程代码执行漏洞，可使远程攻击者在Wi-Fi SoC上下文中执行任意代码。

Severity

高

Patch Name

Google Android远程代码执行漏洞（CNVD-2017-04553）的补丁

Patch Description

Android是基于Linux开放性内核的手机操作系统。 Google Android在Broadcom Wi-Fi固件中存在远程代码执行漏洞，可使远程攻击者在Wi-Fi SoC上下文中执行任意代码。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： https://source.android.com/security/bulletin/2017-04-01.html

Reference

https://source.android.com/security/bulletin/2017-04-01.html http://www.securityfocus.com/bid/97367

Impacted products

Name
Google Android APP FakeID

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "97367"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-0561"
    }
  },
  "description": "Android\u662f\u57fa\u4e8eLinux\u5f00\u653e\u6027\u5185\u6838\u7684\u624b\u673a\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nGoogle Android\u5728Broadcom Wi-Fi\u56fa\u4ef6\u4e2d\u5b58\u5728\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff0c\u53ef\u4f7f\u8fdc\u7a0b\u653b\u51fb\u8005\u5728Wi-Fi SoC\u4e0a\u4e0b\u6587\u4e2d\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
  "discovererName": "Gal Beniamini of Project Zero.",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\nhttps://source.android.com/security/bulletin/2017-04-01.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-04553",
  "openTime": "2017-04-17",
  "patchDescription": "Android\u662f\u57fa\u4e8eLinux\u5f00\u653e\u6027\u5185\u6838\u7684\u624b\u673a\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nGoogle Android\u5728Broadcom Wi-Fi\u56fa\u4ef6\u4e2d\u5b58\u5728\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff0c\u53ef\u4f7f\u8fdc\u7a0b\u653b\u51fb\u8005\u5728Wi-Fi SoC\u4e0a\u4e0b\u6587\u4e2d\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Google Android\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff08CNVD-2017-04553\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "Google Android APP FakeID"
  },
  "referenceLink": "https://source.android.com/security/bulletin/2017-04-01.html\r\nhttp://www.securityfocus.com/bid/97367",
  "serverity": "\u9ad8",
  "submitTime": "2017-04-07",
  "title": "Google Android\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff08CNVD-2017-04553\uff09"
}

ghsa-gwvj-5r5w-vc2g

Vulnerability from github

Published

2022-05-13 01:40

Modified

2025-04-20 03:35

Severity ?

9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-0561"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-787"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-04-07T22:59:00Z",
    "severity": "CRITICAL"
  },
  "details": "A remote code execution vulnerability in the Broadcom Wi-Fi firmware could enable a remote attacker to execute arbitrary code within the context of the Wi-Fi SoC. This issue is rated as Critical due to the possibility of remote code execution in the context of the Wi-Fi SoC. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34199105. References: B-RB#110814.",
  "id": "GHSA-gwvj-5r5w-vc2g",
  "modified": "2025-04-20T03:35:35Z",
  "published": "2022-05-13T01:40:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-0561"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00015.html"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/2017-04-01"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/41805"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/41806"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/97367"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1038201"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

gsd-2017-0561

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

Aliases

CVE-2017-0561

Aliases

CVE-2017-0561

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-0561",
    "description": "A remote code execution vulnerability in the Broadcom Wi-Fi firmware could enable a remote attacker to execute arbitrary code within the context of the Wi-Fi SoC. This issue is rated as Critical due to the possibility of remote code execution in the context of the Wi-Fi SoC. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34199105. References: B-RB#110814.",
    "id": "GSD-2017-0561",
    "references": [
      "https://advisories.mageia.org/CVE-2017-0561.html",
      "https://packetstormsecurity.com/files/cve/CVE-2017-0561"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-0561"
      ],
      "details": "A remote code execution vulnerability in the Broadcom Wi-Fi firmware could enable a remote attacker to execute arbitrary code within the context of the Wi-Fi SoC. This issue is rated as Critical due to the possibility of remote code execution in the context of the Wi-Fi SoC. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34199105. References: B-RB#110814.",
      "id": "GSD-2017-0561",
      "modified": "2023-12-13T01:21:00.072178Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@android.com",
        "ID": "CVE-2017-0561",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Android",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Kernel-3.10"
                        },
                        {
                          "version_value": "Kernel-3.18"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Google Inc."
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A remote code execution vulnerability in the Broadcom Wi-Fi firmware could enable a remote attacker to execute arbitrary code within the context of the Wi-Fi SoC. This issue is rated as Critical due to the possibility of remote code execution in the context of the Wi-Fi SoC. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34199105. References: B-RB#110814."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Remote code execution"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "97367",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/97367"
          },
          {
            "name": "https://source.android.com/security/bulletin/2017-04-01",
            "refsource": "CONFIRM",
            "url": "https://source.android.com/security/bulletin/2017-04-01"
          },
          {
            "name": "41805",
            "refsource": "EXPLOIT-DB",
            "url": "https://www.exploit-db.com/exploits/41805/"
          },
          {
            "name": "[debian-lts-announce] 20181113 [SECURITY] [DLA 1573-1] firmware-nonfree security update",
            "refsource": "MLIST",
            "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00015.html"
          },
          {
            "name": "41806",
            "refsource": "EXPLOIT-DB",
            "url": "https://www.exploit-db.com/exploits/41806/"
          },
          {
            "name": "1038201",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1038201"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:3.18:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:3.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@android.com",
          "ID": "CVE-2017-0561"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A remote code execution vulnerability in the Broadcom Wi-Fi firmware could enable a remote attacker to execute arbitrary code within the context of the Wi-Fi SoC. This issue is rated as Critical due to the possibility of remote code execution in the context of the Wi-Fi SoC. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34199105. References: B-RB#110814."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-787"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://source.android.com/security/bulletin/2017-04-01",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://source.android.com/security/bulletin/2017-04-01"
            },
            {
              "name": "97367",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/97367"
            },
            {
              "name": "1038201",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1038201"
            },
            {
              "name": "41806",
              "refsource": "EXPLOIT-DB",
              "tags": [],
              "url": "https://www.exploit-db.com/exploits/41806/"
            },
            {
              "name": "41805",
              "refsource": "EXPLOIT-DB",
              "tags": [],
              "url": "https://www.exploit-db.com/exploits/41805/"
            },
            {
              "name": "[debian-lts-announce] 20181113 [SECURITY] [DLA 1573-1] firmware-nonfree security update",
              "refsource": "MLIST",
              "tags": [],
              "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00015.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2019-10-03T00:03Z",
      "publishedDate": "2017-04-07T22:59Z"
    }
  }
}

fkie_cve-2017-0561

Vulnerability from fkie_nvd

Published

2017-04-07 22:59

Modified

2025-04-20 01:37

Severity ?

9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
security@android.com	http://www.securityfocus.com/bid/97367	Third Party Advisory, VDB Entry
security@android.com	http://www.securitytracker.com/id/1038201
security@android.com	https://lists.debian.org/debian-lts-announce/2018/11/msg00015.html
security@android.com	https://source.android.com/security/bulletin/2017-04-01	Patch, Vendor Advisory
security@android.com	https://www.exploit-db.com/exploits/41805/
security@android.com	https://www.exploit-db.com/exploits/41806/
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/97367	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1038201
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2018/11/msg00015.html
af854a3a-2127-422b-91ae-364da2661108	https://source.android.com/security/bulletin/2017-04-01	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/41805/
af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/41806/

Impacted products

	Vendor	Product	Version
	linux	linux_kernel	3.10
	linux	linux_kernel	3.18

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:3.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C37F47C-C217-4BCF-A758-14E1BDBAD63D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:3.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "364CAD86-F652-4B84-932A-A8D9146C9010",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A remote code execution vulnerability in the Broadcom Wi-Fi firmware could enable a remote attacker to execute arbitrary code within the context of the Wi-Fi SoC. This issue is rated as Critical due to the possibility of remote code execution in the context of the Wi-Fi SoC. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34199105. References: B-RB#110814."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en el firmware de Broadcom Wi-Fi podr\u00eda permitir a un atacante remoto ejecutar c\u00f3digo arbitrario dentro del contexto del SoC Wi-Fi. Este problema est\u00e1 clasificado como cr\u00edtico debido a la posibilidad de ejecuci\u00f3n remota de c\u00f3digo en el contexto del Wi-Fi SoC. Producto: Android. Versiones: Kernel-3.10, Kernel-3.18. ID de Android: A-34199105. Referencias: B-RB#110814."
    }
  ],
  "id": "CVE-2017-0561",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-04-07T22:59:00.967",
  "references": [
    {
      "source": "security@android.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/97367"
    },
    {
      "source": "security@android.com",
      "url": "http://www.securitytracker.com/id/1038201"
    },
    {
      "source": "security@android.com",
      "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00015.html"
    },
    {
      "source": "security@android.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://source.android.com/security/bulletin/2017-04-01"
    },
    {
      "source": "security@android.com",
      "url": "https://www.exploit-db.com/exploits/41805/"
    },
    {
      "source": "security@android.com",
      "url": "https://www.exploit-db.com/exploits/41806/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/97367"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1038201"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00015.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://source.android.com/security/bulletin/2017-04-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.exploit-db.com/exploits/41805/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.exploit-db.com/exploits/41806/"
    }
  ],
  "sourceIdentifier": "security@android.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2017-0561 (GCVE-0-2017-0561)

Vulnerability from cvelistv5

CERTFR-2017-AVI-099

Vulnerability from certfr_avis

Solution

CERTFR-2017-AVI-138

Vulnerability from certfr_avis

Solution

cnvd-2017-04553

Vulnerability from cnvd

ghsa-gwvj-5r5w-vc2g

Vulnerability from github

gsd-2017-0561

Vulnerability from gsd

fkie_cve-2017-0561

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature