Arbitrary Memory Read/Write Vulnerability in Huawei Mate 9 Series
CVE-2017-17176

6.7MEDIUM

Key Information:

Vendor: McAfee
Status: Mate 9, Mate 9 Pro
Vendor: CVE Published:; 17 October 2018

What is CVE-2017-17176?

The Huawei Mate 9 and Mate 9 Pro smartphones have a vulnerability in their hardware security module that allows for arbitrary memory read and write operations. This issue arises from improper validation of input parameters, enabling an attacker with root access to the Android system to read or manipulate memory data indiscriminately and execute arbitrary code within the TrustZone environment, potentially compromising the device's security.

Affected Version(s)

Mate 9, Mate 9 Pro Versions earlier before MHA-AL00BC00B156, Versions earlier before MHA-CL00BC00B156, Versions earlier before MHA-DL00BC00B156, Versions earlier before MHA-TL00BC00B156, Versions earlier before LON-AL00BC00B156, Versions earlier before LON-CL00BC00B156, Versions earlier before LON-DL00BC00B156, Versions earlier before LON-TL00BC00B156

References

https://www.huawei.com/en/psirt/security-advisories/huawe...

x_refsource_CONFIRM

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 17, 2018
Vulnerability Reserved
Dec 4, 2017

McAfee

What is CVE-2017-17176?

Affected Version(s)

References

CVSS V3.1

Timeline