Stack Overflow Vulnerability in Baseband Modules of Huawei Smartphones
CVE-2017-15311

8.8HIGH

Key Information:

Vendor: McAfee
Status: Mate 10; Mate 10 Pro; Mate 9; Mate 9 Pro
Vendor: CVE Published:; 22 December 2017

Summary

The baseband modules of specific Huawei smartphones are vulnerable to a stack overflow attack due to inadequate parameter validation. This vulnerability allows attackers to send specially crafted packets within radio range, leading to potential Denial of Service (DoS) or remote code execution impacts in the baseband module. Users must ensure their devices are updated to the respective software versions to mitigate this risk.

Affected Version(s)

Mate 10 before ALP-AL00 8.0.0.120(SP2C00)

Mate 10 Pro before BLA-AL00 8.0.0.120(SP2C00)

Mate 9 before MHA-AL00B 8.0.0.334(C00)

References

http://www.huawei.com/en/psirt/security-advisories/huawei...

x_refsource_CONFIRM

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 22, 2017
Vulnerability Reserved
Oct 14, 2017