CVE-2017-8149

2017-11-2219:00:00

huawei

www.cve.org

AI Score

5.6

Confidence

High

EPSS

0.001

Percentile

30.7%

JSON

The boot loaders of P10 and P10 Plus Huawei mobile phones with software the versions before Victoria-L09AC605B162, the versions before Victoria-L29AC605B162, the versions before Vicky-L29AC605B162 have an out-of-bounds memory access vulnerability due to the lack of parameter validation. An attacker with the root privilege of an Android system may trick a user into installing a malicious APP. the APP can modify specific data to cause buffer overflow in the next system reboot, causing out-of-bounds memory read which can continuous system reboot.

CNA Affected

[
  {
    "product": "P10, P10 Plus",
    "vendor": "Huawei Technologies Co., Ltd.",
    "versions": [
      {
        "status": "affected",
        "version": "The versions before Victoria-L09AC605B162, The versions before Victoria-L29AC605B162, The versions before Vicky-L29AC605B162"
      }
    ]
  }
]

References

www.huawei.com/en/psirt/security-advisories/huawei-sa-20170816-01-smartphone-en