PT-2017-18158 · Google+1 · Android+2
Aravind Machiry
·
Published
2017-11-22
·
Updated
2017-12-08
·
CVE-2017-8149
CVSS v2.0
7.1
High
| Vector | AV:N/AC:M/Au:N/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
Huawei P10 versions before Victoria-L09AC605B162
Huawei P10 versions before Victoria-L29AC605B162
Huawei P10 Plus versions before Vicky-L29AC605B162
Description
The issue is caused by a lack of parameter validation, leading to an out-of-bounds memory access. An attacker with root privilege on an Android system can trick a user into installing a malicious app, which can modify specific data to cause a buffer overflow during the next system reboot. This results in an out-of-bounds memory read, potentially causing continuous system reboots.
Recommendations
For Huawei P10 versions before Victoria-L09AC605B162, update to a version after Victoria-L09AC605B162 to resolve the issue.
For Huawei P10 versions before Victoria-L29AC605B162, update to a version after Victoria-L29AC605B162 to resolve the issue.
For Huawei P10 Plus versions before Vicky-L29AC605B162, update to a version after Vicky-L29AC605B162 to resolve the issue.
Fix
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Android
Huawei P10
Huawei P10 Plus