Lucene search

[email protected]CVE-2017-17227

HistoryMar 09, 2018 - 5:29 p.m.

CVE-2017-17227

2018-03-0917:29:01

CWE-787

CWE-125

[email protected]

web.nvd.nist.gov

cve-2017-17227

huawei mate 10

smartphones

gpu driver

out-of-bounds memory access

vulnerability

security

nvd

exploit

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

31.6%

JSON

GPU driver in Huawei Mate 10 smart phones with the versions before ALP-L09 8.0.0.120(C212); The versions before ALP-L09 8.0.0.127(C900); The versions before ALP-L09 8.0.0.128(402/C02/C109/C346/C432/C652) has a out-of-bounds memory access vulnerability due to the input parameters validation. An attacker tricks a user into installing a malicious application on the smart phone, and the application can call the driver with special parameter and cause accessing out-of-bounds memory. Successful exploit may result in phone crash or arbitrary code execution.

Affected configurations

NVD

Node

huaweimate_10_firmwareRange<alp-l09_8.0.0.120\(c212\)

AND

huaweimate_10Match-

Node

huaweimate_10_firmwareRange<alp-l09_8.0.0.127\(c900\)

AND

huaweimate_10Match-

Node

huaweimate_10_firmwareRange<alp-l09_8.0.0.128\(402\)

AND

huaweimate_10Match-

Node

huaweimate_10_firmwareRange<alp-l09_8.0.0.128\(c02\)

AND

huaweimate_10Match-

Node

huaweimate_10_firmwareRange<alp-l09_8.0.0.128\(c109\)

AND

huaweimate_10Match-

Node

huaweimate_10_firmwareRange<alp-l09_8.0.0.128\(c346\)

AND

huaweimate_10Match-

Node

huaweimate_10_firmwareRange<alp-l09_8.0.0.128\(c432\)

AND

huaweimate_10Match-

Node

huaweimate_10_firmwareRange<alp-l09_8.0.0.128\(c652\)

AND

huaweimate_10Match-

CPENameOperatorVersion
huawei:mate_10_firmwarehuawei mate 10 firmwareltalp-l09_8.0.0.120\(c212\)

CPE	Name	Operator	Version
huawei:mate_10_firmware	huawei mate 10 firmware	lt	alp-l09_8.0.0.120\(c212\)

CNA Affected

[
  {
    "product": "Mate 10",
    "vendor": "Huawei Technologies Co., Ltd.",
    "versions": [
      {
        "status": "affected",
        "version": "The versions before ALP-L09 8.0.0.120(C212)"
      },
      {
        "status": "affected",
        "version": "The versions before ALP-L09 8.0.0.127(C900)"
      },
      {
        "status": "affected",
        "version": "The versions before ALP-L09 8.0.0.128(402/C02/C109/C346/C432/C652)"
      }
    ]
  }
]

References

www.huawei.com/en/psirt/security-advisories/huawei-sa-20180207-01-smartphone-en

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

31.6%

JSON

Related for CVE-2017-17227

prion1 cvelist1 nvd1 huawei1