P9 Plus Firmware
CVE-2017-8140
HIGH
Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
The soundtrigger driver in P9 Plus smart phones with software versions earlier than VIE-AL10BC00B353 has a memory double free vulnerability. An attacker tricks a user into installing a malicious application, and the application can start multiple threads and try to free specific memory, which could triggers double free and causes a system crash or arbitrary code execution.
AnalysisAI
The soundtrigger driver in P9 Plus smart phones with software versions earlier than VIE-AL10BC00B353 has a memory double free vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-415. The soundtrigger driver in P9 Plus smart phones with software versions earlier than VIE-AL10BC00B353 has a memory double free vulnerability. An attacker tricks a user into installing a malicious application, and the application can start multiple threads and try to free specific memory, which could triggers double free and causes a system crash or arbitrary code execution. Affected products include: Huawei P9 Plus Firmware.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in P9 Plus Firmware
View allVideo driver in Huawei P9 phones with software versions before EVA-AL10C00B192 and Huawei Honor 6 phones with software v
Touchscreen driver in Huawei P9 phones with software versions before EVA-AL10C00B192 and Huawei Honor 6 phones with soft
Video driver in Huawei P9 phones with software versions before EVA-AL10C00B192 and Huawei Honor 6 phones with software v
P9 Plus smartphones with software earlier than VIE-AL10C00B352 versions have an input validation vulnerability in the to
P9 Plus smartphones with software versions earlier before VIE-AL10BC00B386 have a denial of service (DoS) vulnerability.
The vibrator service in P9 Plus smart phones with software versions earlier before VIE-AL10C00B386 has DoS vulnerability
Same weakness CWE-415 – Double Free
View allShare
External POC / Exploit Code
Leaving vuln.today