CVE-2017-0455: An information disclosure vulnerability in the Qualcomm bootloader could help to enable a local malicious application to to execute arbitrary code wit...

Description

An information disclosure vulnerability in the Qualcomm bootloader could help to enable a local malicious application to to execute arbitrary code within the context of the bootloader. This issue is rated as High because it is a general bypass for a bootloader level defense in depth or exploit mitigation technology. Product: Android. Versions: Kernel-3.18. Android ID: A-32370952. References: QC-CR#1082755.

Metrics

EPSS Probability

1.67%

73.8th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-200

Affected Software

Vendor	Product	Versions
Linux	Linux Kernel	3.18

References

Timeline

Published: Mar 8, 2017
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2017-0455?

An information disclosure vulnerability in the Qualcomm bootloader could help to enable a local malicious application to to execute arbitrary code within the context of the bootloader. This issue is rated as High because it is a general bypass for a bootloader level defense in depth or exploit mitigation technology. Product: Android. Versions: Kernel-3.18. Android ID: A-32370952. References: QC-CR#1082755.

How severe is CVE-2017-0455?

Severity scoring for CVE-2017-0455 is pending analysis. The EPSS model estimates a 1.67% probability of exploitation in the next 30 days.

How do I fix CVE-2017-0455?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.