Vulnerabilities > CVE-2018-7993 - Use After Free vulnerability in Huawei Mate 10 Firmware

CVSS 9.3 - CRITICAL

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

huawei

CWE-416

critical

NVD

Published: 2018-07-31

Updated: 2018-10-04

Summary

HUAWEI Mate 10 smartphones with versions earlier than ALP-AL00 8.1.0.311 have a use after free vulnerability on mediaserver component. An attacker tricks the user install a malicious application, which make the software to reference memory after it has been freed. Successful exploit could cause execution of arbitrary code.

Vulnerable Configurations

Part	Description	Count
OS	Huawei Huawei Mate 10 Firmware - Huawei Mate 10 Firmware 9.0.0.159\(C432E4R1P9T8\) Huawei Mate 10 Firmware 9.0.0.159\(C636E2R1P12T8\) Huawei Mate 10 Firmware 9.0.0.167\(C00E85R2P20T8\) Huawei Mate 10 Firmware 9.0.0.177\(C185E2R1P12T8\)	5
Hardware	Huawei Huawei Mate 10 -	1

Common Weakness Enumeration (CWE)

CWE-416 - Use After Free

References

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180711-01-smartphone-en