Huawei Technologies Co Ltd P9 Plus vulnerabilities

CVE-2017-8140 [HIGH] CWE-415 CVE-2017-8140: The soundtrigger driver in P9 Plus smart phones with software versions earlier than VIE-AL10BC00B353 The soundtrigger driver in P9 Plus smart phones with software versions earlier than VIE-AL10BC00B353 has a memory double free vulnerability. An attacker tricks a user into installing a malicious application, and the application can start multiple threads and try to free specific memory, which could triggers double free and causes a system crash or arbit

CVE-2017-2711 [MEDIUM] CWE-20 CVE-2017-2711: P9 Plus smartphones with software earlier than VIE-AL10C00B352 versions have an input validation vul P9 Plus smartphones with software earlier than VIE-AL10C00B352 versions have an input validation vulnerability in the touchscreen Driver. An attacker can tricks a user into installing a malicious application on the smart phone, and send given parameter to smart phone to crash the system.

CVE-2017-2731 [MEDIUM] CWE-20 CVE-2017-2731: The vibrator service in P9 Plus smart phones with software versions earlier before VIE-AL10C00B386 h The vibrator service in P9 Plus smart phones with software versions earlier before VIE-AL10C00B386 has DoS vulnerability. An attacker can tricks a user into installing a malicious application on the smart phone, and send given parameter to smart phone vibrator service interface to crash the system.

CVE-2017-2734 [MEDIUM] CWE-400 CVE-2017-2734: P9 Plus smartphones with software versions earlier before VIE-AL10BC00B386 have a denial of service P9 Plus smartphones with software versions earlier before VIE-AL10BC00B386 have a denial of service (DoS) vulnerability. An attacker tricks a user into installing a malicious application on the smart phone, and the application can send given parameter to specific interface, which make a large number of memory allocation and the smart phone will be cras