Vieal10

CVSS 9.3 - CRITICAL

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

huawei

CWE-415

critical

NVD

Published: 2017-11-22

Updated: 2017-12-11

Summary

The soundtrigger driver in P9 Plus smart phones with software versions earlier than VIE-AL10BC00B353 has a memory double free vulnerability. An attacker tricks a user into installing a malicious application, and the application can start multiple threads and try to free specific memory, which could triggers double free and causes a system crash or arbitrary code execution.

Vulnerable Configurations

Part	Description	Count
OS	Huawei Huawei P9 Plus Firmware Eva-L09C636B388 Huawei P9 Plus Firmware Vie-Al10	2
Hardware	Huawei Huawei P9 Plus -	1

Common Weakness Enumeration (CWE)

CWE-415 - Double Free

References

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170605-01-smartphone-en