CVE-2017-0806

HIGH

Android <8.0 - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-0806. PoCs published by michalbednarski.

AI-analyzed exploit summary: This repository contains a functional proof-of-concept exploit for CVE-2017-0806, demonstrating a writeToParcel/createFromParcel mismatch in the Android GateKeeperResponse class. The exploit manipulates Bundle serialization to achieve privilege escalation by crafting ambiguous parcel data.

Description

An elevation of privilege vulnerability in the Android framework (gatekeeperresponse). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62998805.

Exploits (1)

nomisec WORKING POC 24 stars
by michalbednarski · poc
https://github.com/michalbednarski/ReparcelBug

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Complex
Reliability: Reliable
Target: Android Framework (versions affected by CVE-2017-0806)
No auth needed
Prerequisites: Access to a vulnerable Android device or emulator
devstral-2 · analyzed Feb 18, 2026

References (3)

Core References
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_bid): http://www.securityfocus.com/bid/101086
Patch, Vendor Advisory (x_refsource_confirm): https://source.android.com/security/bulletin/2017-10-01

Scores

CVSS v3: 7.8
EPSS: 0.0115
EPSS Percentile: 62.6%
Attack Vector: LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE: CWE-502
Status: published
Products (13):
google/android 6.0
google/android 6.0.1
google/android 7.0
google/android 7.1.0
google/android 7.1.1
google/android 7.1.2
google/android 8.0
Google Inc./Android 6.0
Google Inc./Android 6.0.1
Google Inc./Android 7.0
... and 3 more
Published: Oct 04, 2017
Tracked Since: Feb 18, 2026