Vulnerability Description
Due to insufficient parameters verification GPU driver of Mate 9 Pro Huawei smart phones with the versions before LON-AL00B 8.0.0.356(C00) has an arbitrary memory free vulnerability. An attacker can tricks a user into installing a malicious application on the smart phone, and send given parameter to driver to release special kernel memory resource. Successful exploit may result in phone crash or arbitrary code execution.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Huawei | Mate 9 Pro Fimware | < lon-al00b_8.0.0.356\(c00\) |
| Huawei | Mate 9 Pro | - |
Related Weaknesses (CWE)
References
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180613-02-smartphVendor Advisory
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180613-02-smartphVendor Advisory
FAQ
What is CVE-2017-17173?
CVE-2017-17173 is a vulnerability with a CVSS score of 7.8 (HIGH). Due to insufficient parameters verification GPU driver of Mate 9 Pro Huawei smart phones with the versions before LON-AL00B 8.0.0.356(C00) has an arbitrary memory free vulnerability. An attacker can t...
How severe is CVE-2017-17173?
CVE-2017-17173 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-17173?
Check the references section above for vendor advisories and patch information. Affected products include: Huawei Mate 9 Pro Fimware, Huawei Mate 9 Pro.