Use After Free Vulnerability in Huawei Mate 9 and Mate 9 Pro Smartphones
CVE-2017-8142

7.8 HIGH

Key Information:

Vendor: McAfee
CVE Published: 22 November 2017

Summary

The Trusted Execution Environment (TEE) module driver in Huawei's Mate 9 and Mate 9 Pro smartphones is susceptible to a use-after-free vulnerability. To exploit the flaw, an attacker must persuade a user to install a malicious application. The application can then start multiple threads and manipulate memory allocation by creating and freeing specific memory objects. Such actions can compromise memory access, potentially leading to a system crash or arbitrary code execution. Users should ensure their devices are updated to the latest software versions to mitigate this risk. For further information, please refer to Huawei's security advisory.

Affected Version(s)

  • Mate 9: versions earlier than MHA-AL00BC00B221

  • Mate 9 Pro: versions earlier than LON-AL00BC00B221

References

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
