Security Advisory - Buffer overflow Vulnerability in CameraISP Driver of Huawei Smart Phone

2017-11-15T00:00:00
ID HUAWEI-SA-20171115-01-SMARTPHONE
Type huawei
Reporter Huawei Technologies
Modified 2017-11-15T00:00:00

Description

The CameraISP driver of some Huawei smart phones has a buffer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious APP, the APP can send a specific parameter to the CameraISP driver of the smart phone, causing system reboot. (Vulnerability ID: HWPSIRT-2017-07178)

This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2017-8202.  Huawei has released software updates to fix this vulnerability. This advisory is available at the following link: http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171115-01-smartphone-en