CVE-2017-17320

Published: Mar 20, 2018Modified: Nov 21, 2024

7.8

Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Huawei Mate 9 Pro smartphones with software of LON-AL00BC00B139D, LON-AL00BC00B229, LON-L29DC721B188 have a memory double free vulnerability. The system does not manage the memory properly, that frees on the same memory address twice. An attacker tricks the user who has root privilege to install a crafted application, successful exploit could result in malicious code execution.

Affected (3)

Products: Huawei: Mate 9 Pro Firmware

Huawei

1 product

Mate 9 Pro Firmware

Configuration A

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Mate 9 Pro Firmware	Version lon-al00bc00b139d
Huawei Mate 9 Pro Firmware	Version lon-al00bc00b229
Huawei Mate 9 Pro Firmware	Version lon-l29dc721b188

Running on/with	Platform Versions
Huawei Mate 9 Pro	All versions

Related CWEs

CWE-415

Double Free

The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

References (2)

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180314-02-smartphone-en

Source: psirt@huawei.com

Vendor Advisory

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180314-02-smartphone-en

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.