Use After Free Vulnerability in HUAWEI Mate 10 Smartphones
CVE-2018-7993

7.8HIGH

Key Information:

Vendor: McAfee
Status: Huawei Mate 10
Vendor: CVE Published:; 31 July 2018

Summary

The HUAWEI Mate 10 smartphone is vulnerable due to a use after free flaw in the mediaserver component, which affects versions prior to ALP-AL00 8.1.0.311. This vulnerability allows an attacker to persuade a user to install a malicious application, resulting in the potential for arbitrary code execution by referencing freed memory. Users are advised to ensure their devices are updated to mitigate the risk associated with this vulnerability.

Affected Version(s)

HUAWEI Mate 10 Versions earlier than ALP-AL00 8.1.0.311

References

http://www.huawei.com/en/psirt/security-advisories/huawei...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jul 31, 2018
Vulnerability Reserved
Mar 9, 2018