Lucene search

K
huaweiHuawei TechnologiesHUAWEI-SA-20180418-01-SMARTPHONE
HistoryApr 18, 2018 - 12:00 a.m.

Security Advisory - Double Free Vulnerability in Some Huawei Smart Phones

2018-04-1800:00:00
Huawei Technologies
www.huawei.com
10

CVSS2

7.1

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

23.4%

The Mali Driver of some Huawei smart phones has a double free vulnerability. An attacker can trick a user to install a malicious application and exploit this vulnerability when in the exception handling process. Successful exploitation may cause system reboot. (Vulnerability ID: HWPSIRT-2018-02020)

This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2018-7899.

Huawei has released software updates to fix this vulnerability. This advisory is available at the following link:

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180418-01-smartphone-en

Affected configurations

Vulners
Node
huaweiberkeley-al20Match8.0.0.105
OR
huaweiberkeley-al20Match8.0.0.111
OR
huaweiberkeley-al20Match8.0.0.112d
OR
huaweiberkeley-al20Match8.0.0.116
OR
huaweiberkeley-al20Match8.0.0.119
OR
huaweiberkeley-al20Match8.0.0.119d
OR
huaweiberkeley-al20Match8.0.0.122
OR
huaweiberkeley-al20Match8.0.0.132
OR
huaweiberkeley-al20Match8.0.0.132d
OR
huaweiberkeley-al20Match8.0.0.142
OR
huaweiberkeley-al20Match8.0.0.151
OR
huaweiberkeley-bdMatch1.0.0.21
OR
huaweiberkeley-bdMatch1.0.0.22
OR
huaweiberkeley-bdMatch1.0.0.23
OR
huaweiberkeley-bdMatch1.0.0.24
OR
huaweiberkeley-bdMatch1.0.0.26
OR
huaweiberkeley-bdMatch1.0.0.29

CVSS2

7.1

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

23.4%

Related for HUAWEI-SA-20180418-01-SMARTPHONE