CVE-2017-8160

Published: Nov 22, 2017Modified: May 13, 2026

7.8

Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

The Madapt Driver of some Huawei smart phones with software Earlier than Vicky-AL00AC00B172 versions,Vicky-AL00CC768B122,Vicky-TL00AC01B167,Earlier than Victoria-AL00AC00B172 versions,Victoria-TL00AC00B123,Victoria-TL00AC01B167 has a use after free (UAF) vulnerability. An attacker can trick a user to install a malicious application which has a high privilege to exploit this vulnerability, Successful exploitation may cause arbitrary code execution.

Affected (6)

Products: Huawei: Vicky Al00a Firmware, Vicky Al00c Firmware, Vicky Tl00a Firmware, Victoria Al00a Firmware, Victoria Tl00a Firmware

5 products

Victoria Al00a Firmware

Victoria Tl00a Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Vicky Al00a Firmware	Before vicky-al00ac00b172

Running on/with	Platform Versions
Huawei Vicky Al00a	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Vicky Al00c Firmware	Version vicky-al00cc768b122

Running on/with	Platform Versions
Huawei Vicky Al00c	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Vicky Tl00a Firmware	Version vicky-tl00ac01b167

Running on/with	Platform Versions
Huawei Vicky Tl00a	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Victoria Al00a Firmware	Before victoria-al00ac00b172_

Running on/with	Platform Versions
Huawei Victoria Al00a	All versions

Configuration E

1 vulnerable

Vulnerable Software	Affected Versions
Huawei Victoria Tl00a Firmware	Version victoria-tl00ac00b123

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Victoria Tl00a Firmware	Version victoria-tl00ac01b167

Running on/with	Platform Versions
Huawei Victoria Tl00a	All versions

Related CWEs

CWE-416

Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

References (2)

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171018-01-smartphone-en

Source: psirt@huawei.com

Vendor Advisory

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171018-01-smartphone-en

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.