CVE-2017-8149
Last modified
CVE-2017-8149 is a vulnerability of currently unknown severity. The boot loaders of P10 and P10 Plus Huawei mobile phones with software the versions before Victoria-L09AC605B162, the versions before Victoria-L29AC605B162, the versions before Vicky-L29AC605B162 have an out-of-bounds memory access vulnerability due to the lack of parameter validation. An attacker with the root privilege of an Android system may trick a user into installing a malicious APP. EPSS estimates a 0.53% chance of exploitation in the next 30 days.
Description
The boot loaders of P10 and P10 Plus Huawei mobile phones with software the versions before Victoria-L09AC605B162, the versions before Victoria-L29AC605B162, the versions before Vicky-L29AC605B162 have an out-of-bounds memory access vulnerability due to the lack of parameter validation. An attacker with the root privilege of an Android system may trick a user into installing a malicious APP. the APP can modify specific data to cause buffer overflow in the next system reboot, causing out-of-bounds memory read which can continuous system reboot.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Huawei | P10 Firmware | < victoria-l09ac605b162 |
| Huawei | P10 Firmware | < victoria-l29ac605b162 |
| Huawei | P10 Plus Firmware | < vicky-l29ac605b162 |
References
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170816-01-smartphone-enIssue Tracking, Vendor Advisory
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170816-01-smartphone-enIssue Tracking, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2017-8149?
How severe is CVE-2017-8149?
How do I fix CVE-2017-8149?
Are you affected by CVE-2017-8149?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST