Security Advisory - Multiple Vulnerabilities in MTK Platform

There are multiple vulnerabilities in MTK platform used in Huawei smart phones.

There is a out-of-bound read vulnerability in MTK platform used in Huawei smart phones. An attacker tricks a user into installing a malicious application on the smart phone, and send given parameter and cause to memory out-of-bound read. (Vulnerability ID: HWPSIRT-2017-06162)

This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2017-8182.

There are two any memory access vulnerabilities in MTK platform. An attacker tricks a user into installing a malicious application on the smart phone, and send given parameter to cause to any memory access vulnerabilities, leading to sensitive information leakage. (Vulnerability ID: HWPSIRT-2017-06163 and HWPSIRT-2017-06164)

The two vulnerabilities have been assigned two Common Vulnerabilities and Exposures (CVE) IDs: CVE-2017-8183 and CVE-2017-8184.

Huawei has released software updates to fix these vulnerabilities. This advisory is available at the following link:

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171115-01-mtk-en