Arbitrary Memory Read/Write Vulnerability in Huawei Mate 9 Series
CVE-2017-17176

6.7MEDIUM

Key Information:

Vendor

McAfee

Vendor
CVE Published:
17 October 2018

What is CVE-2017-17176?

The Huawei Mate 9 and Mate 9 Pro smartphones have a vulnerability in their hardware security module that allows for arbitrary memory read and write operations. This issue arises from improper validation of input parameters, enabling an attacker with root access to the Android system to read or manipulate memory data indiscriminately and execute arbitrary code within the TrustZone environment, potentially compromising the device's security.

Affected Version(s)

Mate 9, Mate 9 Pro Versions earlier before MHA-AL00BC00B156, Versions earlier before MHA-CL00BC00B156, Versions earlier before MHA-DL00BC00B156, Versions earlier before MHA-TL00BC00B156, Versions earlier before LON-AL00BC00B156, Versions earlier before LON-CL00BC00B156, Versions earlier before LON-DL00BC00B156, Versions earlier before LON-TL00BC00B156

References

CVSS V3.1

Score:
6.7
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.