CVE-2017-8150

EPSS 0.09%
Veröffentlicht 22.11.2017 19:29:03
Zuletzt bearbeitet 20.04.2025 01:37:25
Quelle psirt@huawei.com
Teams Watchlist Login
Unerledigt Login

The boot loaders of P10 and P10 Plus Huawei mobile phones with software the versions before Victoria-L09AC605B162, the versions before Victoria-L29AC605B162, the versions before Vicky-L29AC605B162 have an arbitrary memory write vulnerability due to the lack of parameter validation. An attacker with the root privilege of an Android system may trick a user into installing a malicious APP. The APP can modify specific data to cause arbitrary memory writing in the next system reboot, causing continuous system reboot or arbitrary code execution.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Huawei ≫ P10 Firmware Version < victoria-l09ac605b162

Huawei ≫ P10 Version-

Huawei ≫ P10 Firmware Version < victoria-l29ac605b162

Huawei ≫ P10 Version-

Huawei ≫ P10 Plus Firmware Version < vicky-l29ac605b162

Huawei ≫ P10 Plus Version-

Huawei ≫ P8 Lite Firmware Version < ale-l21c113b566

Huawei ≫ P8 Lite Version-

Huawei ≫ P9 Firmware Version < eva-l09c432b391

Huawei ≫ P9 Version-

Huawei ≫ P9 Firmware Version < eva-l09c576b386

Huawei ≫ P9 Version-

Huawei ≫ P9 Firmware Version < eva-l09c605b390

Huawei ≫ P9 Version-

Huawei ≫ P9 Firmware Version < eva-l09c635b387

Huawei ≫ P9 Version-

Huawei ≫ P9 Firmware Version < eva-l09c636b388

Huawei ≫ P9 Version-

Huawei ≫ P9 Firmware Version < eva-l19c10b390

Huawei ≫ P9 Version-

Huawei ≫ P9 Firmware Version < eva-l19c432b388

Huawei ≫ P9 Version-

Huawei ≫ P9 Firmware Version < eva-l19c605b390

Huawei ≫ P9 Version-

Huawei ≫ P9 Firmware Version < eva-l19c636b391

Huawei ≫ P9 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.09%	0.23

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170816-02-smartphone-en

Vendor Advisory

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2017-8150

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-8150

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-8150

EUVD