Vieal10

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

huawei

CWE-415

NVD

Published: 2017-11-22

Updated: 2017-12-11

Summary

The soundtrigger driver in P9 Plus smart phones with software versions earlier than VIE-AL10BC00B353 has a memory double free vulnerability. An attacker tricks a user into installing a malicious application, and the application can start multiple threads and try to free specific memory, which could triggers double free and causes a system crash or arbitrary code execution.

Vulnerable Configurations

Part	Description	Count
OS	Huawei Huawei P9 Plus Firmware Eva-L09C636B388 Huawei P9 Plus Firmware Vie-Al10	2
Hardware	Huawei Huawei P9 Plus -	1

Common Weakness Enumeration (CWE)

CWE-415 - Double Free

References

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170605-01-smartphone-en