PT-2017-18209 · Huawei · Honor 9

Published

2017-11-22

Updated

2017-12-11

CVE-2017-8205

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Honor 9 Huawei smart phones versions earlier than Stanford-AL10C00B175

Description The issue is caused by an integer overflow vulnerability in the Bastet driver due to the lack of parameter validation. An attacker can trick a user into installing a malicious APP with root privilege, which can then send a specific parameter to the driver, potentially leading to arbitrary code execution.

Recommendations For versions earlier than Stanford-AL10C00B175, consider restricting the installation of apps to only those from trusted sources and avoiding granting root privileges to untrusted applications until a fix is available.

Fix

Integer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-190

Related Identifiers

CVE-2017-8205

Affected Products

Honor 9

PT-2017-18209 · Huawei · Honor 9

CVE-2017-8205

Weakness Enumeration

Related Identifiers

Affected Products

References · 4