CVE-2017-8141

CWE-4153 documents3 sources

Severity

7.8HIGH

EPSS

0.1%

top 69.98%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Huawei P10 Plus Firmware Huawei Technologies Co., Ltd. P10 Plus

Timeline

PublishedNov 22

Latest updateMay 17

Description

The Touch Panel (TP) driver in P10 Plus smart phones with software versions earlier than VKY-AL00C00B153 has a memory double free vulnerability. An attacker with the root privilege of the Android system tricks a user into installing a malicious application, and the application can start multiple threads and try to free specific memory, which could triggers double free and causes a system crash or arbitrary code execution.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶NVDhuawei/p10_plus_firmware< vky-al00c00b153

▶CVEListV5huawei_technologies_co.,_ltd./p10_plusVersions earlier than VKY-AL00C00B153

🔴Vulnerability Details

GHSA

GHSA-rf9x-3287-7x74: The Touch Panel (TP) driver in P10 Plus smart phones with software versions earlier than VKY-AL00C00B153 has a memory double free vulnerability↗2022-05-17

▶

CVEList

CVE-2017-8141: The Touch Panel (TP) driver in P10 Plus smart phones with software versions earlier than VKY-AL00C00B153 has a memory double free vulnerability↗2017-11-22

▶