Aravind Machiry

Name of the Vulnerable Software and Affected Versions: HUAWEI P9 Lite versions earlier than VNS-L21C02B341 HUAWEI P9 Lite versions earlier than VNS-L21C22B380 HUAWEI P9 Lite versions earlier than VNS-L31C02B341 HUAWEI P9 Lite versions earlier than VNS-L31C440B390 HUAWEI P9 Lite versions earlier than VNS-L31C636B396 Description: The issue is caused by a buffer overflow vulnerability in the inputhub driver due to the lack of parameter validation. An attacker can exploit this by tricking a user into installing a malicious APP, which sends specific data to the inputhub driver. Successful exploitation could cause the system to reboot. Recommendations: For versions earlier than VNS-L21C02B341, update to VNS-L21C02B341 or later. For versions earlier than VNS-L21C22B380, update to VNS-L21C22B380 or later. For versions earlier than VNS-L31C02B341, update to VNS-L31C02B341 or later. For versions earlier than VNS-L31C440B390, update to VNS-L31C440B390 or later. For versions earlier than VNS-L31C636B396, update to VNS-L31C636B396 or later.

Name of the Vulnerable Software and Affected Versions: Huawei Smartphones version VNS-L21AUTC555B141 Huawei Smartphones version VNS-L21C10B160 Huawei Smartphones version VNS-L21C66B160 Huawei Smartphones version VNS-L21C703B140 Description: The issue is related to an array out-of-bounds read. Due to the lack of array verification, an attacker can trick a user into installing a malicious application. This application can exploit the issue, allowing the attacker to read out of the array bounds, potentially causing the device to behave abnormally. Recommendations: For version VNS-L21AUTC555B141, update the software to a version that includes the fix for this issue. For version VNS-L21C10B160, update the software to a version that includes the fix for this issue. For version VNS-L21C66B160, update the software to a version that includes the fix for this issue. For version VNS-L21C703B140, update the software to a version that includes the fix for this issue. As a temporary workaround, consider restricting the installation of applications from untrusted sources to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Huawei Smartphones version VNS-L21AUTC555B141 Description: The issue is related to an out-of-bounds read due to a lack of string terminator, which can be exploited by a malicious application. An attacker can trick a user into installing such an application, allowing the attacker to read out of bounds and potentially cause device abnormalities. Recommendations: For version VNS-L21AUTC555B141, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Huawei Mate 9 versions before MHA-AL00B 8.0.0.334(C00) Huawei Mate 9 pro versions before LON-AL00B 8.0.0.334(C00) Description: The issue is related to an information leak vulnerability in the date service proxy implementation. An attacker can exploit this by tricking a user into installing a malicious application, which can then access kernel data, potentially leading to sensitive information leaks. Recommendations: For Huawei Mate 9 versions before MHA-AL00B 8.0.0.334(C00), update to version MHA-AL00B 8.0.0.334(C00) or later. For Huawei Mate 9 pro versions before LON-AL00B 8.0.0.334(C00), update to version LON-AL00B 8.0.0.334(C00) or later.

**Name of the Vulnerable Software and Affected Versions** Huawei P10 versions before Victoria-L09AC605B162 Huawei P10 versions before Victoria-L29AC605B162 Huawei P10 Plus versions before Vicky-L29AC605B162 **Description** The issue is caused by a lack of parameter validation, leading to an out-of-bounds memory access. An attacker with root privilege on an Android system can trick a user into installing a malicious app, which can modify specific data to cause a buffer overflow during the next system reboot. This results in an out-of-bounds memory read, potentially causing continuous system reboots. **Recommendations** For Huawei P10 versions before Victoria-L09AC605B162, update to a version after Victoria-L09AC605B162 to resolve the issue. For Huawei P10 versions before Victoria-L29AC605B162, update to a version after Victoria-L29AC605B162 to resolve the issue. For Huawei P10 Plus versions before Vicky-L29AC605B162, update to a version after Vicky-L29AC605B162 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Huawei P10 versions before Victoria-L09AC605B162 Huawei P10 versions before Victoria-L29AC605B162 Huawei P10 Plus versions before Vicky-L29AC605B162 **Description** The issue is related to an arbitrary memory write vulnerability in the boot loaders of Huawei P10 and P10 Plus mobile phones. This vulnerability is caused by the lack of parameter validation. An attacker with root privilege of an Android system can trick a user into installing a malicious APP, which can modify specific data to cause arbitrary memory writing in the next system reboot. This can lead to continuous system reboot or arbitrary code execution. **Recommendations** For Huawei P10 versions before Victoria-L09AC605B162, update to a version after Victoria-L09AC605B162 to resolve the issue. For Huawei P10 versions before Victoria-L29AC605B162, update to a version after Victoria-L29AC605B162 to resolve the issue. For Huawei P10 Plus versions before Vicky-L29AC605B162, update to a version after Vicky-L29AC605B162 to resolve the issue. As a temporary workaround, consider restricting the installation of APPs from untrusted sources to minimize the risk of exploitation.