Security Advisory - Multiple Vulnerabilities in MTK Platform

2017-11-15T00:00:00
ID HUAWEI-SA-20171115-01-MTK
Type huawei
Reporter Huawei Technologies
Modified 2017-11-15T00:00:00

Description

There are multiple vulnerabilities in MTK platform used in Huawei smart phones. There is a out-of-bound read vulnerability in MTK platform used in Huawei smart phones. An attacker tricks a user into installing a malicious application on the smart phone, and send given parameter and cause to memory out-of-bound read. (Vulnerability ID: HWPSIRT-2017-06162) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2017-8182. There are two any memory access vulnerabilities in MTK platform. An attacker tricks a user into installing a malicious application on the smart phone, and send given parameter to cause to any memory access vulnerabilities, leading to sensitive information leakage. (Vulnerability ID: HWPSIRT-2017-06163 and HWPSIRT-2017-06164) The two vulnerabilities have been assigned two Common Vulnerabilities and Exposures (CVE) IDs: CVE-2017-8183 and CVE-2017-8184. Huawei has released software updates to fix these vulnerabilities. This advisory is available at the following link: http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171115-01-mtk-en