CVE-2017-0553

Priority
Medium
Description
An elevation of privilege vulnerability in libnl could enable a local
malicious application to execute arbitrary code within the context of the
Wi-Fi service. This issue is rated as Moderate because it first requires
compromising a privileged process and is mitigated by current platform
configurations. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0,
7.1.1. Android ID: A-32342065.
References
Bugs
Notes
 sarnold> I'm not sure this fix is strictly a security fix; the checkin
  comment gives me the impression callers are completely trusted.
Assigned-to
mdeslaur
Package
Upstream:released (3.2.27-2)
Ubuntu 17.10 (Artful Aardvark):released (3.2.29-0ubuntu3)
Ubuntu 12.04 ESM (Precise Pangolin):released (3.2.3-2ubuntu2.1)
Ubuntu 14.04 LTS (Trusty Tahr):released (3.2.21-1ubuntu4.1)
Ubuntu Core 15.04:needed
Ubuntu 16.04 LTS (Xenial Xerus):released (3.2.27-1ubuntu0.16.04.1)
Ubuntu 16.10 (Yakkety Yak):released (3.2.27-1ubuntu0.16.10.1)
Ubuntu 17.04 (Zesty Zapus):released (3.2.29-0ubuntu2.1)
Patches:
Upstream:http://git.infradead.org/users/tgr/libnl.git/commit/3e18948f17148e6a3c4255bdeaaf01ef6081ceeb
Package
Source: libnl (LP Ubuntu Debian)
Upstream:needed
Ubuntu 17.10 (Artful Aardvark):DNE
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was released [1.1-7+deb7u1build0.12.04.1])
Ubuntu 14.04 LTS (Trusty Tahr):needed
Ubuntu Core 15.04:DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 16.10 (Yakkety Yak):DNE
Ubuntu 17.04 (Zesty Zapus):DNE
Patches:
Upstream:http://git.infradead.org/users/tgr/libnl.git/commit/3e18948f17148e6a3c4255bdeaaf01ef6081ceeb
More Information

Updated: 2017-06-19 22:14:13 UTC (commit 12772)