PT-2017-18178 · Huawei · Huawei P10 Plus+1

Published

2017-11-22

Updated

2017-12-12

CVE-2017-8172

CVSS v2.0

7.1

High

Vector

AV:N/AC:M/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Huawei P10 Plus and P10 smartphones with versions earlier than VKY-AL00C00B157 Huawei P10 smartphones with versions earlier than VTR-AL00C00B157

Description The issue is related to a denial of service (DoS) vulnerability in the Isub service. An attacker can trick a user into installing a malicious application, which can send a given parameter to a specific interface. This results in an out-of-bounds array access, causing the smartphone to restart.

Recommendations For versions earlier than VKY-AL00C00B157 of Huawei P10 Plus, update to version VKY-AL00C00B157 or later. For versions earlier than VTR-AL00C00B157 of Huawei P10, update to version VTR-AL00C00B157 or later.

Fix

Improper Validation of Array Index

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-129

Related Identifiers

CVE-2017-8172

Affected Products

Huawei P10

Huawei P10 Plus

PT-2017-18178 · Huawei · Huawei P10 Plus+1

CVE-2017-8172

Weakness Enumeration

Related Identifiers

Affected Products

References · 4