Integer Overflow Vulnerability in Huawei Mate 9 Pro Camera Driver
CVE-2017-17324

7.8HIGH

Key Information:

Vendor: McAfee
Status: Mate 9 Pro
Vendor: CVE Published:; 9 March 2018

Summary

The Huawei Mate 9 Pro smartphones are at risk due to an integer overflow vulnerability in the camera driver, which fails to properly validate external input parameters. This oversight can lead to an integer overflow, subsequently resulting in a buffer overflow after processing. If exploited, an attacker can trick the user into installing a specially crafted application, potentially leading to the execution of malicious code.

Affected Version(s)

Mate 9 Pro LON-AL00BC00B139D

Mate 9 Pro LON-AL00BC00B229

References

http://www.huawei.com/en/psirt/security-advisories/2018/h...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Mar 9, 2018
Vulnerability Reserved
Dec 4, 2017