CVE-2017-17173Improper Input Validation in Huawei Mate 9 PRO Fimware

CWE-20Improper Input Validation4 documents4 sources
Severity
7.8HIGHNVD
EPSS
0.1%
top 70.90%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Huawei Mate 9 PRO FimwareHuawei Technologies CO LTD Mate 9 PRO
Timeline
PublishedJun 14
Latest updateMay 14

Description

Due to insufficient parameters verification GPU driver of Mate 9 Pro Huawei smart phones with the versions before LON-AL00B 8.0.0.356(C00) has an arbitrary memory free vulnerability. An attacker can tricks a user into installing a malicious application on the smart phone, and send given parameter to driver to release special kernel memory resource. Successful exploit may result in phone crash or arbitrary code execution.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

NVDhuawei/mate_9_pro_fimware< lon-al00b_8.0.0.356\(c00\)
CVEListV5huawei_technologies_co_ltd/mate_9_proThe versions before LON-AL00B 8.0.0.356(C00)

🔴Vulnerability Details

2
GHSA
GHSA-gmcx-8jp4-4q98: Due to insufficient parameters verification GPU driver of Mate 9 Pro Huawei smart phones with the versions before LON-AL00B 82022-05-14
CVEList
CVE-2017-17173: Due to insufficient parameters verification GPU driver of Mate 9 Pro Huawei smart phones with the versions before LON-AL00B 82018-06-14
CVE-2017-17173 — Improper Input Validation in Huawei | cvebase