Skip to main content

Mate 9 Firmware CVE-2017-8142

HIGH
Use After Free (CWE-416)
2017-11-22 psirt@huawei.com
7.8
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Nov 22, 2017 - 19:29 cve.org
HIGH 7.8

DescriptionCVE.org

The Trusted Execution Environment (TEE) module driver of Mate 9 and Mate 9 Pro smart phones with software versions earlier than MHA-AL00BC00B221 and versions earlier than LON-AL00BC00B221 has a use after free (UAF) vulnerability. An attacker tricks a user into installing a malicious application, and the application can start multiple threads and try to create and free specific memory, which could triggers access memory after free it and causes a system crash or arbitrary code execution.

AnalysisAI

The Trusted Execution Environment (TEE) module driver of Mate 9 and Mate 9 Pro smart phones with software versions earlier than MHA-AL00BC00B221 and versions earlier than LON-AL00BC00B221 has a use. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Use After Free (CWE-416), which allows attackers to access freed memory to execute arbitrary code or crash the application. The Trusted Execution Environment (TEE) module driver of Mate 9 and Mate 9 Pro smart phones with software versions earlier than MHA-AL00BC00B221 and versions earlier than LON-AL00BC00B221 has a use after free (UAF) vulnerability. An attacker tricks a user into installing a malicious application, and the application can start multiple threads and try to create and free specific memory, which could triggers access memory after free it and causes a system crash or arbitrary code execution. Affected products include: Huawei Mate 9 Firmware, Huawei Mate 9 Pro Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use smart pointers or garbage-collected languages. Set pointers to NULL after freeing. Enable memory sanitizers.

CVE-2017-15311 HIGH
8.8 Dec 22

The baseband modules of Mate 10, Mate 10 Pro, Mate 9, Mate 9 Pro Huawei smart phones with software before ALP-AL00 8.0.0

CVE-2017-15316 HIGH
7.8 Dec 22

The GPU driver of Mate 9 Huawei smart phones with software before MHA-AL00B 8.0.0.334(C00) and Mate 9 Pro Huawei smart p

CVE-2017-2716 HIGH
7.8 Nov 22

The camerafs driver in Mate 9 Versions earlier than MHA-AL00BC00B173 has buffer overflow vulnerability. Rated high sever

CVE-2017-2706 HIGH
7.1 Nov 22

Mate 9 smartphones with software MHA-AL00AC00B125 have a directory traversal vulnerability in Push module. Rated high se

CVE-2017-2707 HIGH
7.1 Nov 22

Mate 9 smartphones with software MHA-AL00AC00B125 have a privilege escalation vulnerability in Push module. Rated high s

CVE-2017-2703 MEDIUM
6.8 Nov 22

Phone Finder in versions earlier before MHA-AL00BC00B156,Versions earlier before MHA-CL00BC00B156,Versions earlier befor

CVE-2017-2702 MEDIUM
6.8 Nov 22

Phone Finder in versions earlier before MHA-AL00C00B170 can be bypass. Rated medium severity (CVSS 6.8), this vulnerabil

CVE-2018-7940 MEDIUM
6.2 May 10

Huawei smart phones Mate 10 and Mate 10 Pro with earlier versions than 8.0.0.129(SP2C00) and earlier versions than 8.0.0

CVE-2018-7930 MEDIUM
5.7 Apr 11

The Near Field Communication (NFC) module in Mate 9 Huawei mobile phones with the versions before MHA-L29B 8.0.0.366(C56

CVE-2017-8144 MEDIUM
5.5 Nov 22

Honor 5A,Honor 8 Lite,Mate9,Mate9 Pro,P10,P10 Plus Huawei smartphones with software the versions before CAM-L03C605B143C

CVE-2018-7992 MEDIUM
5.5 Jul 31

Mdapt Driver of Huawei MediaPad M3 BTV-W09C128B353CUSTC128D001; Mate 9 Pro versions earlier than 8.0.0.356(C00); P10 Plu

CVE-2019-5264 MEDIUM
4.6 Dec 13

There is an information disclosure vulnerability in certain Huawei smartphones (Mate 10;Mate 10 Pro;Honor V10;Changxiang

Share

CVE-2017-8142 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy