Lonl29Dc721B188

CVSS 9.3 - CRITICAL

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

huawei

CWE-415

critical

NVD

Published: 2018-03-20

Updated: 2018-04-13

Summary

Huawei Mate 9 Pro smartphones with software of LON-AL00BC00B139D, LON-AL00BC00B229, LON-L29DC721B188 have a memory double free vulnerability. The system does not manage the memory properly, that frees on the same memory address twice. An attacker tricks the user who has root privilege to install a crafted application, successful exploit could result in malicious code execution.

Vulnerable Configurations

Part	Description	Count
OS	Huawei Huawei Mate 9 PRO Firmware Lon-Al00Bc00B139D Huawei Mate 9 PRO Firmware Lon-Al00Bc00B229 Huawei Mate 9 PRO Firmware Lon-L29Dc721B188	3
Hardware	Huawei Huawei Mate 9 PRO -	1

Common Weakness Enumeration (CWE)

CWE-415 - Double Free

References

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180314-02-smartphone-en