Vickyal00Ac00B167

CVSS 7.1 - HIGH

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

COMPLETE

network

huawei

CWE-415

NVD

Published: 2018-02-15

Updated: 2018-03-07

Summary

The Flp Driver in some Huawei smartphones of the software Vicky-AL00AC00B124D, Vicky-AL00AC00B157D, Vicky-AL00AC00B167 has a double free vulnerability. An attacker can trick a user to install a malicious application which has a high privilege to exploit this vulnerability. Successful exploitation may cause denial of service (DoS) attack.

Vulnerable Configurations

Part	Description	Count
OS	Huawei Huawei Vicky Al00A Firmware Vicky-Al00Ac00B124D Huawei Vicky Al00A Firmware Vicky-Al00Ac00B157D Huawei Vicky Al00A Firmware Vicky-Al00Ac00B167	3
Hardware	Huawei Huawei Vicky Al00A -	1

Common Weakness Enumeration (CWE)

CWE-415 - Double Free

References

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-01-smartphone-en