CVE-2017-8203

CWE-416 — Use After Free3 documents3 sources

Severity

7.8HIGH

EPSS

0.3%

top 50.89%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Huawei Nova 2 Firmware Huawei Nova 2 Plus Firmware

Timeline

PublishedNov 22

Latest updateMay 17

Description

The Bastet Driver of Nova 2 Plus,Nova 2 Huawei smart phones with software of Versions earlier than BAC-AL00C00B173,Versions earlier than PIC-AL00C00B173 has a use after free (UAF) vulnerability. An attacker can convince a user to install a malicious application which has a high privilege to exploit this vulnerability, Successful exploitation may cause arbitrary code execution.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶NVDhuawei/nova_2_plus_firmware< bac-al00c00b173

▶NVDhuawei/nova_2_firmware< pic-al00c00b173

🔴Vulnerability Details

GHSA

GHSA-x4r6-c6j7-6hfx: The Bastet Driver of Nova 2 Plus,Nova 2 Huawei smart phones with software of Versions earlier than BAC-AL00C00B173,Versions earlier than PIC-AL00C00B1↗2022-05-17

▶

CVEList

CVE-2017-8203: The Bastet Driver of Nova 2 Plus,Nova 2 Huawei smart phones with software of Versions earlier than BAC-AL00C00B173,Versions earlier than PIC-AL00C00B1↗2017-11-22

▶