CVE-2017-0412

HIGH

Android 7.0, 7.1.1 - Privilege Escalation via Framework APIs Race Condition

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-0412. PoCs published by Google Security Research.

AI-analyzed exploit summary This exploit leverages a race condition in Android's MemoryIntArray class to cause out-of-bounds memory access and trigger a munmap operation with a controlled size, leading to a system_server crash. The PoC demonstrates the vulnerability by manipulating ashmem descriptors during critical operations.

Description

An elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 7.0, 7.1.1. Android ID: A-33039926.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Google Security Research · textdosandroid

https://www.exploit-db.com/exploits/41355

View Code ZIP pw:eip

This exploit leverages a race condition in Android's MemoryIntArray class to cause out-of-bounds memory access and trigger a munmap operation with a controlled size, leading to a system_server crash. The PoC demonstrates the vulnerability by manipulating ashmem descriptors during critical operations.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Complex

Reliability

Racy

Target: Android 7.0 - 7.1

No auth needed

Prerequisites: Access to a vulnerable Android device · Ability to execute code on the target system

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/41355/

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1037798

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/96056

Vendor Advisory x_refsource_confirm

https://source.android.com/security/bulletin/2017-02-01.html

Scores

CVSS v3 7.8

EPSS 0.0254

EPSS Percentile 82.9%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-367

Status published

Products (5)

google/android 7.0

google/android 7.1.0

google/android 7.1.1

Google Inc./Android Android-7.0

Google Inc./Android Android-7.1.1

Published Feb 08, 2017

Tracked Since Feb 18, 2026