CVE-2017-8150
published 2017-11-22CVE-2017-8150: The boot loaders of P10 and P10 Plus Huawei mobile phones with software the versions before Victoria-L09AC605B162, the versions before Victoria-L29AC605B162…
high7.8CVSS 3.0
AVLACLPRNUIRSUCHIHAH
The boot loaders of P10 and P10 Plus Huawei mobile phones with software the versions before Victoria-L09AC605B162, the versions before Victoria-L29AC605B162, the versions before Vicky-L29AC605B162 have an arbitrary memory write vulnerability due to the lack of parameter validation. An attacker with the root privilege of an Android system may trick a user into installing a malicious APP. The APP can modify specific data to cause arbitrary memory writing in the next system reboot, causing continuous system reboot or arbitrary code execution.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| huawei | p10_firmware | < victoria-l09ac605b162 | victoria-l09ac605b162 |
| huawei | p10_firmware | < victoria-l29ac605b162 | victoria-l29ac605b162 |
| huawei | p10_plus_firmware | < vicky-l29ac605b162 | vicky-l29ac605b162 |
| huawei | p8_lite_firmware | < ale-l21c113b566 | ale-l21c113b566 |
| huawei | p9_firmware | < eva-l09c432b391 | eva-l09c432b391 |
| huawei | p9_firmware | < eva-l09c576b386 | eva-l09c576b386 |
| huawei | p9_firmware | < eva-l09c605b390 | eva-l09c605b390 |
| huawei | p9_firmware | < eva-l09c635b387 | eva-l09c635b387 |
| huawei | p9_firmware | < eva-l09c636b388 | eva-l09c636b388 |
| huawei | p9_firmware | < eva-l19c10b390 | eva-l19c10b390 |
| huawei | p9_firmware | < eva-l19c432b388 | eva-l19c432b388 |
| huawei | p9_firmware | < eva-l19c605b390 | eva-l19c605b390 |
| huawei | p9_firmware | < eva-l19c636b391 | eva-l19c636b391 |