Sign-up

ID

VAR-201703-1381


TITLE

Huawei Mate 9/Mate 9 Pro arbitrary memory read and write vulnerability

Trust: 0.6

sources: CNVD: CNVD-2017-03265

DESCRIPTION

HuaweiMate9/Mate9Pro is a smartphone product from China's Huawei company. In the hardware security module of the HuaweiMate9/Mate9Pro mobile phone, there is an arbitrary memory read/write security vulnerability due to insufficient input verification. An attacker who has obtained root access to the Android system can use this vulnerability to read and write arbitrary memory data or execute arbitrary code in TrustZone.

Trust: 0.6

sources: CNVD: CNVD-2017-03265

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-03265

AFFECTED PRODUCTS

vendor:huaweimodel:mate <mha-al00bc00b156scope:eqversion:9

Trust: 0.6

vendor:huaweimodel:mate <mha-cl00bc00b156scope:eqversion:9

Trust: 0.6

vendor:huaweimodel:mate <mha-dl00bc00b156scope:eqversion:9

Trust: 0.6

vendor:huaweimodel:mate <mha-tl00bc00b156scope:eqversion:9

Trust: 0.6

vendor:huaweimodel:mate pro <lon-al00bc00b156scope:eqversion:9

Trust: 0.6

vendor:huaweimodel:mate pro <lon-cl00bc00b156scope:eqversion:9

Trust: 0.6

vendor:huaweimodel:mate pro <lon-dl00bc00b156scope:eqversion:9

Trust: 0.6

vendor:huaweimodel:mate pro <lon-tl00bc00b156scope:eqversion:9

Trust: 0.6

sources: CNVD: CNVD-2017-03265

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2017-03265
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2017-03265
severity: MEDIUM
baseScore: 6.8
vectorString: AV:L/AC:L/AU:N/C:P/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 9.5
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2017-03265

PATCH

title:Huawei Mate9/Mate9Pro random memory read and write vulnerability patchurl:https://www.cnvd.org.cn/patchinfo/show/90779

Trust: 0.6

sources: CNVD: CNVD-2017-03265

EXTERNAL IDS

db:CNVDid:CNVD-2017-03265

Trust: 0.6

sources: CNVD: CNVD-2017-03265

REFERENCES

url:http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20170306-01-smartphone-cn

Trust: 0.6

sources: CNVD: CNVD-2017-03265

SOURCES

db:CNVDid:CNVD-2017-03265

LAST UPDATE DATE

2022-05-04T10:01:12.018000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2017-03265date:2017-03-24T00:00:00

SOURCES RELEASE DATE

db:CNVDid:CNVD-2017-03265date:2017-03-24T00:00:00