CVE-2017-8172

Published: Nov 22, 2017Modified: May 13, 2026

5.5

Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

Isub service in P10 Plus and P10 smart phones with earlier than VKY-AL00C00B157 versions and earlier than VTR-AL00C00B157 versions has a denial of service (DoS) vulnerability. An attacker tricks a user into installing a malicious application on the smart phone, and the application can send given parameter to specific interface, which make a out-of-bounds array access that results in smart phone restart.

Affected (2)

Products: Huawei: P10 Plus Firmware, P10 Firmware

2 products

P10 Plus Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei P10 Plus Firmware	Before vky-al00c00b157

Running on/with	Platform Versions
Huawei P10 Plus	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei P10 Firmware	Before vtr-al00c00b157

Running on/with	Platform Versions
Huawei P10	All versions

Related CWEs

Improper Validation of Array Index

The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

References (4)

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170628-01-isub-en

Source: psirt@huawei.com

Vendor Advisory

http://www.securityfocus.com/bid/99370

Source: psirt@huawei.com

Third Party AdvisoryVDB Entry

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170628-01-isub-en

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securityfocus.com/bid/99370

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

Timeline

No history available yet.