Arbitrary Memory Free Vulnerability in Huawei Mate 9 Pro GPU Driver
CVE-2017-17173

7.8HIGH

Key Information:

Vendor: McAfee
Status: Mate 9 Pro
Vendor: CVE Published:; 14 June 2018

Summary

The Huawei Mate 9 Pro GPU driver suffers from an arbitrary memory free vulnerability, caused by insufficient parameter verification. This flaw allows attackers to exploit the vulnerability by tricking users into installing malicious applications. Once the exploit is executed, specific parameters can be sent to the GPU driver, potentially leading to a crash of the smartphone or enabling arbitrary code execution. Users are advised to update their devices to protect against these threats.

Affected Version(s)

Mate 9 Pro The versions before LON-AL00B 8.0.0.356(C00)

References

http://www.huawei.com/en/psirt/security-advisories/huawei...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jun 14, 2018
Vulnerability Reserved
Dec 4, 2017