PT-2017-18159 · Google+1 · Android+2

Aravind Machiry · Published 2017-11-22 · Updated 2017-12-08 · CVE-2017-8150

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Huawei P10 versions before Victoria-L09AC605B162
Huawei P10 versions before Victoria-L29AC605B162
Huawei P10 Plus versions before Vicky-L29AC605B162

Description

The issue is an arbitrary memory write vulnerability in the boot loaders of Huawei P10 and P10 Plus mobile phones, caused by a lack of parameter validation. An attacker with root privilege on the Android system can trick a user into installing a malicious app, which can modify specific data to cause an arbitrary memory write at the next system reboot. This can lead to continuous system reboots or arbitrary code execution.

Recommendations

For Huawei P10 versions before Victoria-L09AC605B162, update to a version after Victoria-L09AC605B162 to resolve the issue.
For Huawei P10 versions before Victoria-L29AC605B162, update to a version after Victoria-L29AC605B162 to resolve the issue.
For Huawei P10 Plus versions before Vicky-L29AC605B162, update to a version after Vicky-L29AC605B162 to resolve the issue.
As a temporary workaround, consider restricting the installation of apps from untrusted sources to minimize the risk of exploitation.

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2017-8150

Affected Products

Android
Huawei P10
Huawei P10 Plus