CVE-2017-0329

HIGH

Android Kernel <3.18 - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-0329. PoCs published by codecat007.

AI-analyzed exploit summary The PoC demonstrates CVE-2017-0329 by modifying the 'reset_offset' field in the firmware header of 'bpmp.bin' to exploit a vulnerability in the NVIDIA Tegra BPMP firmware. This allows arbitrary code execution by replacing the firmware file and rebooting the device.

Description

An elevation of privilege vulnerability in the NVIDIA boot and power management processor driver could enable a local malicious application to execute arbitrary code within the context of the boot and power management processor. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel 3.18. Android ID:A-34115304. References: N-CVE-2017-0329.

Exploits (1)

github WORKING POC 8 stars

by codecat007 · cpoc

https://github.com/codecat007/cvehub/tree/main/android/kernel/CVE-2017-0329

View Code ZIP pw:eip

The PoC demonstrates CVE-2017-0329 by modifying the 'reset_offset' field in the firmware header of 'bpmp.bin' to exploit a vulnerability in the NVIDIA Tegra BPMP firmware. This allows arbitrary code execution by replacing the firmware file and rebooting the device.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: NVIDIA Tegra BPMP firmware (Android devices with Tegra210 chipset)

No auth needed

Prerequisites: Access to the device's filesystem to replace the firmware file · Ability to reboot the device

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 27, 2026 Full analysis →

References (3)

Core 3

Core References

Patch, Vendor Advisory x_refsource_confirm

https://source.android.com/security/bulletin/2017-04-01.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/97353

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1038201

Scores

CVSS v3 7.0

EPSS 0.0017

EPSS Percentile 37.6%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

Status published

Products (2)

linux/linux_kernel 3.18

Nvidia Corporation/Android Kernel-3.18

Published Apr 05, 2017

Tracked Since Feb 18, 2026