Information Disclosure Vulnerability in NVIDIA Crypto Driver for Android
CVE-2017-0328

4.7MEDIUM

Key Information:

Vendor
Nvidia
Status
Android
Vendor
CVE Published:
5 April 2017

Summary

An information disclosure vulnerability exists in the NVIDIA crypto driver associated with the Android operating system. This flaw may allow a local malicious application to access sensitive data, circumventing the established permission levels of the system. Proper exploitation of this vulnerability requires an initial compromise of a privileged process, which adds a layer of difficulty to the attack. This vulnerability affects devices running Kernel 3.10 on Android platforms, highlighting the importance of security updates to mitigate potential risks.

Affected Version(s)

Android Kernel-3.10

References

http://www.securityfocus.com/bid/97347
vdb-entryx_refsource_BID
https://source.android.com/security/bulletin/2017-04-01.html
x_refsource_CONFIRM
http://www.securitytracker.com/id/1038201
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
4.7
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.