CVE-2017-8140

Published: Nov 22, 2017Modified: May 13, 2026

7.8

Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

The soundtrigger driver in P9 Plus smart phones with software versions earlier than VIE-AL10BC00B353 has a memory double free vulnerability. An attacker tricks a user into installing a malicious application, and the application can start multiple threads and try to free specific memory, which could triggers double free and causes a system crash or arbitrary code execution.

Affected (1)

Products: Huawei: P9 Plus Firmware

1 product

P9 Plus Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei P9 Plus Firmware	Before vie-al10bc00b353

Running on/with	Platform Versions
Huawei P9 Plus	All versions

Related CWEs

The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

References (2)

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170605-01-smartphone-en

Source: psirt@huawei.com

Vendor Advisory

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170605-01-smartphone-en

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.