Vulnerability Description
The GPU driver of Mate 9 Huawei smart phones with software before MHA-AL00B 8.0.0.334(C00) and Mate 9 Pro Huawei smart phones with software before LON-AL00B 8.0.0.334(C00) has a memory double free vulnerability. An attacker tricks a user into installing a malicious application, and the application can call special API, which triggers double free and causes a system crash or arbitrary code execution.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Huawei | Mate 9 Firmware | < mha-al00b_8.0.0.334\(c00\) |
| Huawei | Mate 9 | - |
| Huawei | Mate 9 Pro Firmware | < lon-al00b_8.0.0.334\(c00\) |
| Huawei | Mate 9 Pro | - |
Related Weaknesses (CWE)
References
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171201-01-smartphVendor Advisory
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171201-01-smartphVendor Advisory
FAQ
What is CVE-2017-15316?
CVE-2017-15316 is a vulnerability with a CVSS score of 7.8 (HIGH). The GPU driver of Mate 9 Huawei smart phones with software before MHA-AL00B 8.0.0.334(C00) and Mate 9 Pro Huawei smart phones with software before LON-AL00B 8.0.0.334(C00) has a memory double free vul...
How severe is CVE-2017-15316?
CVE-2017-15316 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-15316?
Check the references section above for vendor advisories and patch information. Affected products include: Huawei Mate 9 Firmware, Huawei Mate 9, Huawei Mate 9 Pro Firmware, Huawei Mate 9 Pro.