CVE-2017-15325

2018-03-2316:00:00

huawei

www.cve.org

EPSS

0.001

Percentile

31.8%

JSON

The Bdat driver of Prague smart phones with software versions earlier than Prague-AL00AC00B211, versions earlier than Prague-AL00BC00B211, versions earlier than Prague-AL00CC00B211, versions earlier than Prague-TL00AC01B211, versions earlier than Prague-TL10AC01B211 has integer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious APP and execute it as a specific privilege; the APP can then send a specific parameter to the driver of the smart phone, causing arbitrary code execution.

CNA Affected

[
  {
    "product": "Prague",
    "vendor": "Huawei Technologies Co., Ltd.",
    "versions": [
      {
        "status": "affected",
        "version": "Versions earlier than Prague-AL00AC00B211, Versions earlier than Prague-AL00BC00B211, Versions earlier than Prague-AL00CC00B211, Versions earlier than Prague-TL00AC01B211, Versions earlier than Prague-TL10AC01B211"
      }
    ]
  }
]

References

www.huawei.com/en/psirt/security-advisories/huawei-sa-20180321-01-smartphone-en

EPSS

0.001

Percentile

31.8%

JSON

Related for CVELIST:CVE-2017-15325