Design/Logic Flaw

2017-11-2219:29:00

PRIOn knowledge base

www.prio-n.com

5.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

29.1%

JSON

MTK platform in Huawei smart phones with software of earlier than Nice-AL00C00B160 versions, earlier than Nice-AL10C00B140 versions has a any memory access vulnerability. An attacker tricks a user into installing a malicious application on the smart phone, and send given parameter to cause to any memory access vulnerabilities, leading to sensitive information leakage.

CPENameOperatorVersion
mtk_platform_smart_phone_firmwareeq< nice-al10c0b140
mtk_platform_smart_phone_firmwareeq< nice-al0c0b160

CPE	Name	Operator	Version
	mtk_platform_smart_phone_firmware	eq	< nice-al10c0b140
	mtk_platform_smart_phone_firmware	eq	< nice-al0c0b160

References

www.huawei.com/en/psirt/security-advisories/huawei-sa-20171115-01-mtk-en