PT-2019-2404 · Huawei+1 · Huawei Mate 9 Pro+1

Published: 2019-04-15 · Updated: 2019-04-15

CVSS v2.0: 5.6 (Medium)

Vector: AV:L/AC:L/Au:N/C:P/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Huawei Mate 9 Pro (affected versions not specified)

Description

The issue is related to the getLoginInformation function of the SMC handler in the TEE OS Trusted Core operating system, specifically with the GLOBAL CMD ID OPEN SESSION command. It lacks validation of the incoming phy address, which can be exploited by a local attacker to cause a denial of service or read the TEE OS kernel's virtual memory at an arbitrary address. The exploitation involves inputting a required physical address into the login data phy field.

Recommendations

For the affected Huawei Mate 9 Pro versions, as a temporary workaround, consider disabling the getLoginInformation function until a patch is available. Restrict access to the SMC handler to minimize the risk of exploitation. Avoid using the login data phy field in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
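
The check the description reports as missing, sketched as an added example (not Huawei's or Trusted Core's code): an overflow-safe validation of a physical address and length supplied by the normal world, performed before the secure side reads from it. The window base and size, the length limit, the alignment rule and all function names are hypothetical.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed layout: the one physical window the normal world may hand to
 * the TEE. Base, size and limits are assumptions for this example. */
#define NS_SHMEM_BASE  0x80000000ULL
#define NS_SHMEM_SIZE  0x10000ULL
#define LOGIN_INFO_MAX 0x1000ULL

typedef enum { PHY_OK, PHY_ERR_LEN, PHY_ERR_ALIGN,
               PHY_ERR_OVERFLOW, PHY_ERR_RANGE } phy_status;

/* Stand-in for the mapped shared window so the example runs on a host. */
static uint8_t ns_shmem[NS_SHMEM_SIZE];

/* Check a caller-supplied physical buffer before the secure side uses it. */
phy_status validate_ns_phys_buffer(uint64_t phys, uint64_t len)
{
    if (len == 0 || len > LOGIN_INFO_MAX)
        return PHY_ERR_LEN;
    if (phys & 0x3)                      /* assumed 4-byte alignment policy */
        return PHY_ERR_ALIGN;
    if (phys > UINT64_MAX - len)         /* phys + len would wrap around */
        return PHY_ERR_OVERFLOW;
    if (phys < NS_SHMEM_BASE || phys + len > NS_SHMEM_BASE + NS_SHMEM_SIZE)
        return PHY_ERR_RANGE;            /* outside the permitted window */
    return PHY_OK;
}

/* Hypothetical handler step: validate, then snapshot the data into secure
 * memory once, so later parsing cannot race with normal-world writes. */
int copy_login_info(uint64_t phys, uint64_t len, uint8_t *out, size_t out_cap)
{
    if (validate_ns_phys_buffer(phys, len) != PHY_OK || len > out_cap)
        return -1;
    memcpy(out, &ns_shmem[phys - NS_SHMEM_BASE], (size_t)len);
    return (int)len;
}

int main(void)
{
    uint8_t buf[16];
    printf("in-window:  %d\n", copy_login_info(0x80000010ULL, 8, buf, sizeof buf));
    printf("below base: %d\n", copy_login_info(0x00001000ULL, 8, buf, sizeof buf));
    printf("wrapping:   %d\n", validate_ns_phys_buffer(UINT64_MAX - 3, 0x100));
    return 0;
}
```

The wrap-around test comes before the range test so that `phys + len` is only computed once it is known not to overflow.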

Information Disclosure

RCE

Weakness Enumeration

Related Identifiers

BDU:2019-02182

Affected Products

Huawei Mate 9 Pro
Tee Os Trusted Core