Double Free Vulnerability in Huawei Smartphones
CVE-2017-15330

5.5MEDIUM

Key Information:

Vendor: McAfee
Status: Vicky-al00a
Vendor: CVE Published:; 15 February 2018

What is CVE-2017-15330?

The Flp Driver in specific Huawei smartphones contains a double free vulnerability that can be exploited by malicious applications. Attackers can trick users into installing these applications, which have elevated privileges, allowing them to manipulate the device's memory management and potentially lead to a denial of service (DoS). This vulnerability highlights the importance of maintaining up-to-date software and being cautious with application installations.

Affected Version(s)

Vicky-AL00A Vicky-AL00AC00B124D, Vicky-AL00AC00B157D, Vicky-AL00AC00B167

References

http://www.huawei.com/en/psirt/security-advisories/huawei...

x_refsource_CONFIRM

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 15, 2018
Vulnerability Reserved
Oct 14, 2017

McAfee

What is CVE-2017-15330?

Affected Version(s)

References

CVSS V3.1

Timeline