CVE-2017-15311

CWE-119 — Buffer Overflow3 documents3 sources

Severity

8.8HIGH

EPSS

0.1%

top 69.93%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Huawei Mate 10 Firmware Huawei Mate 10 PRO Firmware Huawei Mate 9 Firmware +5 more

Timeline

PublishedDec 22

Latest updateMay 14

Description

The baseband modules of Mate 10, Mate 10 Pro, Mate 9, Mate 9 Pro Huawei smart phones with software before ALP-AL00 8.0.0.120(SP2C00), before BLA-AL00 8.0.0.120(SP2C00), before MHA-AL00B 8.0.0.334(C00), and before LON-AL00B 8.0.0.334(C00) have a stack overflow vulnerability due to the lack of parameter validation. An attacker could send malicious packets to the smart phones within radio range by special wireless device, which leads stack overflow when the baseband module handles these packets. Th…

CVSS vector

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages8 packages

▶NVDhuawei/mate_9_firmware< mha-al00b_8.0.0.334\(c00\)

▶NVDhuawei/mate_10_firmware< alp-al00_8.0.0.120\(sp2c00\)

▶NVDhuawei/mate_9_pro_firmware< lon-al00b_8.0.0.334\(c00\)

▶NVDhuawei/mate_10_pro_firmware< bla-al00_8.0.0.120\(sp2c00\)

▶CVEListV5huawei_technologies_co.,_ltd./mate_9before MHA-AL00B 8.0.0.334(C00)

🔴Vulnerability Details

GHSA

GHSA-j9rv-r9r2-7hjg: The baseband modules of Mate 10, Mate 10 Pro, Mate 9, Mate 9 Pro Huawei smart phones with software before ALP-AL00 8↗2022-05-14

▶

CVEList

CVE-2017-15311: The baseband modules of Mate 10, Mate 10 Pro, Mate 9, Mate 9 Pro Huawei smart phones with software before ALP-AL00 8↗2017-12-22

▶