CVE-2017-17324

7.8HIGH

Key Information:

Vendor: McAfee
Status: Mate 9 Pro
Vendor: CVE Published:; 9 March 2018

Summary

Huawei Mate 9 Pro smartphones with software LON-AL00BC00B139D; LON-AL00BC00B229 have an integer overflow vulnerability. The camera driver does not validate the external input parameters and causes an integer overflow, which in the after processing results in a buffer overflow. An attacker tricks the user to install a crafted application, successful exploit could cause malicious code execution.

Affected Version(s)

Mate 9 Pro LON-AL00BC00B139D

Mate 9 Pro LON-AL00BC00B229

References

http://www.huawei.com/en/psirt/security-advisories/2018/h...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Mar 9, 2018
Vulnerability Reserved
Dec 4, 2017