Vulnerability Name: | CVE-2017-17320 (CCN-140344) | ||||||||||||
Assigned: | 2017-12-04 | ||||||||||||
Published: | 2018-03-14 | ||||||||||||
Updated: | 2018-04-13 | ||||||||||||
Summary: | Huawei Mate 9 Pro smartphones with software of LON-AL00BC00B139D, LON-AL00BC00B229, LON-L29DC721B188 have a memory double free vulnerability. The system does not manage the memory properly, that frees on the same memory address twice. An attacker tricks the user who has root privilege to install a crafted application, successful exploit could result in malicious code execution. | ||||||||||||
CVSS v3 Severity: | 7.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) 6.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
5.7 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
| ||||||||||||
CVSS v2 Severity: | 9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
| ||||||||||||
Vulnerability Type: | CWE-415 | ||||||||||||
Vulnerability Consequences: | Gain Access | ||||||||||||
References: | Source: MITRE Type: CNA CVE-2017-17320 Source: CCN Type: huawei-sa-20180314-02-smartphone Memory Double Free Vulnerability on Huawei Smartphones Source: CONFIRM Type: Vendor Advisory http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180314-02-smartphone-en Source: XF Type: UNKNOWN huawei-cve201717320-code-exec(140344) | ||||||||||||
Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||||||
BACK |