Arbitrary Memory Write Vulnerability in Huawei P10 and P10 Plus Boot Loaders
CVE-2017-8150

7.8HIGH

Key Information:

Vendor: McAfee
Status: P10, P10 Plus
Vendor: CVE Published:; 22 November 2017

Summary

An arbitrary memory write vulnerability exists within the boot loaders of Huawei P10 and P10 Plus mobile phones due to insufficient parameter validation. This flaw allows an attacker, who has root privileges on the Android system, to potentially mislead users into installing a malicious application. Once installed, the malicious app can alter specific data to facilitate arbitrary memory write actions during the next system reboot, which may lead to indefinite system reboots or arbitrary code execution. It is crucial for users to ensure their devices are running the latest software versions to mitigate this vulnerability.

Affected Version(s)

P10, P10 Plus The versions before Victoria-L09AC605B162, The versions before Victoria-L29AC605B162, The versions before Vicky-L29AC605B162

References

http://www.huawei.com/en/psirt/security-advisories/huawei...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Nov 22, 2017
Vulnerability Reserved
Apr 25, 2017