Mate 9 Firmware
CVE-2017-8142
HIGH
Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
The Trusted Execution Environment (TEE) module driver of Mate 9 and Mate 9 Pro smart phones with software versions earlier than MHA-AL00BC00B221 and versions earlier than LON-AL00BC00B221 has a use after free (UAF) vulnerability. An attacker tricks a user into installing a malicious application, and the application can start multiple threads and try to create and free specific memory, which could triggers access memory after free it and causes a system crash or arbitrary code execution.
AnalysisAI
The Trusted Execution Environment (TEE) module driver of Mate 9 and Mate 9 Pro smart phones with software versions earlier than MHA-AL00BC00B221 and versions earlier than LON-AL00BC00B221 has a use. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Use After Free (CWE-416), which allows attackers to access freed memory to execute arbitrary code or crash the application. The Trusted Execution Environment (TEE) module driver of Mate 9 and Mate 9 Pro smart phones with software versions earlier than MHA-AL00BC00B221 and versions earlier than LON-AL00BC00B221 has a use after free (UAF) vulnerability. An attacker tricks a user into installing a malicious application, and the application can start multiple threads and try to create and free specific memory, which could triggers access memory after free it and causes a system crash or arbitrary code execution. Affected products include: Huawei Mate 9 Firmware, Huawei Mate 9 Pro Firmware.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use smart pointers or garbage-collected languages. Set pointers to NULL after freeing. Enable memory sanitizers.
More in Mate 9 Firmware
View allThe baseband modules of Mate 10, Mate 10 Pro, Mate 9, Mate 9 Pro Huawei smart phones with software before ALP-AL00 8.0.0
The GPU driver of Mate 9 Huawei smart phones with software before MHA-AL00B 8.0.0.334(C00) and Mate 9 Pro Huawei smart p
The camerafs driver in Mate 9 Versions earlier than MHA-AL00BC00B173 has buffer overflow vulnerability. Rated high sever
Mate 9 smartphones with software MHA-AL00AC00B125 have a directory traversal vulnerability in Push module. Rated high se
Mate 9 smartphones with software MHA-AL00AC00B125 have a privilege escalation vulnerability in Push module. Rated high s
Phone Finder in versions earlier before MHA-AL00BC00B156,Versions earlier before MHA-CL00BC00B156,Versions earlier befor
Phone Finder in versions earlier before MHA-AL00C00B170 can be bypass. Rated medium severity (CVSS 6.8), this vulnerabil
Huawei smart phones Mate 10 and Mate 10 Pro with earlier versions than 8.0.0.129(SP2C00) and earlier versions than 8.0.0
The Near Field Communication (NFC) module in Mate 9 Huawei mobile phones with the versions before MHA-L29B 8.0.0.366(C56
Honor 5A,Honor 8 Lite,Mate9,Mate9 Pro,P10,P10 Plus Huawei smartphones with software the versions before CAM-L03C605B143C
Mdapt Driver of Huawei MediaPad M3 BTV-W09C128B353CUSTC128D001; Mate 9 Pro versions earlier than 8.0.0.356(C00); P10 Plu
There is an information disclosure vulnerability in certain Huawei smartphones (Mate 10;Mate 10 Pro;Honor V10;Changxiang
Same weakness CWE-416 – Use After Free
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today