Vulnerabilities > CVE-2017-8141 - Double Free vulnerability in Huawei P10 Plus Firmware

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

huawei

CWE-415

NVD

Published: 2017-11-22

Updated: 2017-12-11

Summary

The Touch Panel (TP) driver in P10 Plus smart phones with software versions earlier than VKY-AL00C00B153 has a memory double free vulnerability. An attacker with the root privilege of the Android system tricks a user into installing a malicious application, and the application can start multiple threads and try to free specific memory, which could triggers double free and causes a system crash or arbitrary code execution.

Vulnerable Configurations

Part	Description	Count
OS	Huawei Huawei P10 Plus Firmware - Huawei P10 Plus Firmware 8.0.0.357\(C00\) Huawei P10 Plus Firmware 9.1.0.201\(C01E75R1P12T8\) Huawei P10 Plus Firmware 9.1.0.252\(C185E2R1P9T8\) Huawei P10 Plus Firmware 9.1.0.252\(C432E4R1P9T8\) Huawei P10 Plus Firmware 9.1.0.255\(C576E6R1P8T8\) Huawei P10 Plus Firmware Vicky-Al00Ac00B172 Huawei P10 Plus Firmware Vicky-Al00Ac00B172D Huawei P10 Plus Firmware Vicky-L29Ac605B162 Huawei P10 Plus Firmware Vky-Al00C00B123	10
Hardware	Huawei Huawei P10 Plus -	1

Common Weakness Enumeration (CWE)

CWE-415 - Double Free

References

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-smartphone-en