Buffer Overflow Vulnerability in Huawei Honor 9 Smartphones
CVE-2017-8204

7.8HIGH

Key Information:

Vendor: McAfee
Status: Honor 9
Vendor: CVE Published:; 22 November 2017

Summary

A buffer overflow vulnerability exists in the Bastet driver of Huawei Honor 9 smartphones running software versions prior to Stanford-AL10C00B175. This flaw arises from insufficient parameter validation, enabling an attacker to potentially trick users into installing a malicious application that possesses root privileges. Once executed, this malicious app can send crafted parameters to the device driver, leading to arbitrary code execution and compromising the integrity of the device.

Affected Version(s)

Honor 9 Versions earlier than Stanford-AL10C00B175

References

http://www.huawei.com/en/psirt/security-advisories/huawei...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/101962

vdb-entryx_refsource_BID

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Nov 22, 2017
Vulnerability Reserved
Apr 25, 2017