CVE-2017-0576

🗓️ 07 Apr 2017 22:00:00Reported by google_androidType

cve🔗 web.nvd.nist.gov👁 76 Views🌐 WEB

EoP vulnerability in Qualcomm crypto engine driver, allows local app to execute arbitrary code

Reporter	Title	Published	Views	Family All 9
Android Security Bulletins	Android Security Bulletin—April 2017Stay organized with collectionsSave and categorize content based on your preferences.	3 Apr 201700:00	–	androidsecurity
CNVD	Google Android Qualcomm Crypto Engine Driver Elevation of Privilege Vulnerability	11 Apr 201700:00	–	cnvd
Cvelist	CVE-2017-0576	7 Apr 201722:00	–	cvelist
EUVD	EUVD-2017-0930	7 Oct 202500:30	–	euvd
NVD	CVE-2017-0576	7 Apr 201722:59	–	nvd
OSV	UBUNTU-CVE-2017-0576	7 Apr 201722:59	–	osv
Prion	Privilege escalation	7 Apr 201722:59	–	prion
seebug.org	Elevation of privilege vulnerability in Qualcomm crypto engine driver(CVE-2017-0576)	4 Apr 201700:00	–	seebug
UbuntuCve	CVE-2017-0576	7 Apr 201722:59	–	ubuntucve

NVD

Vulners

Node

linux linux_kernelMatch3.10

linux linux_kernelMatch3.18

[
  {
    "product": "Android",
    "vendor": "Google Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "Kernel-3.10"
      },
      {
        "status": "affected",
        "version": "Kernel-3.18"
      }
    ]
  }
]

Source	Link
source	www.source.android.com/security/bulletin/2017-04-01
github	www.github.com/derrekr/android_security/commit/0dd1a733e60cf5239c0a185d4219ba2ef1118a8b
securityfocus	www.securityfocus.com/bid/97395
securitytracker	www.securitytracker.com/id/1038201

Parameter	Position	Path	Description	CWE
QCEDEV_IOCTL_ENC_REQ	binary	/dev/qce	IOCTL interfaces used by the QCE driver to perform encryption/decryption, exploited by PoC to trigger kernel context operations	CWE-190
QCEDEV_IOCTL_DEC_REQ	binary	/dev/qce	IOCTL interfaces used by the QCE driver to perform encryption/decryption, exploited by PoC to trigger kernel context operations	CWE-190

13 May 2026 00:24Current

6.9Medium risk

Vulners AI Score6.9

CVSS 37

CVSS 27.6

EPSS0.0023

CWE-190