Design/Logic Flaw

2018-03-0917:29:00

PRIOn knowledge base

www.prio-n.com

0.001 Low

EPSS

Percentile

31.6%

JSON

GPU driver in Huawei Mate 10 smart phones with the versions before ALP-L09 8.0.0.120(C212); The versions before ALP-L09 8.0.0.127(C900); The versions before ALP-L09 8.0.0.128(402/C02/C109/C346/C432/C652) has a out-of-bounds memory access vulnerability due to the input parameters validation. An attacker tricks a user into installing a malicious application on the smart phone, and the application can call the driver with special parameter and cause accessing out-of-bounds memory. Successful exploit may result in phone crash or arbitrary code execution.

CPENameOperatorVersion
mate_10_firmwareeq< alpl98.0.0.120c212
mate_10_firmwareeq< alpl98.0.0.127c900
mate_10_firmwareeq< alpl98.0.0.128402
mate_10_firmwareeq< alpl98.0.0.128c2
mate_10_firmwareeq< alpl98.0.0.128c109
mate_10_firmwareeq< alpl98.0.0.128c346
mate_10_firmwareeq< alpl98.0.0.128c432
mate_10_firmwareeq< alpl98.0.0.128c652

Name	Operator	Version
mate_10_firmware	eq	< alpl98.0.0.120c212
mate_10_firmware	eq	< alpl98.0.0.127c900
mate_10_firmware	eq	< alpl98.0.0.128402
mate_10_firmware	eq	< alpl98.0.0.128c2
mate_10_firmware	eq	< alpl98.0.0.128c109
mate_10_firmware	eq	< alpl98.0.0.128c346
mate_10_firmware	eq	< alpl98.0.0.128c432
mate_10_firmware	eq	< alpl98.0.0.128c652

References

www.huawei.com/en/psirt/security-advisories/huawei-sa-20180207-01-smartphone-en

0.001 Low

EPSS

Percentile

31.6%

JSON

Related for PRION:CVE-2017-17227