CVE-2017-17319 — MEDIUM (5.5)

Q: How severe is CVE-2017-17319?

CVE-2017-17319 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2017-17319?

Check the references section above for vendor advisories and patch information. Affected products include: Huawei P9 Firmware, Huawei P9.

Vulnerability Description

Huawei P9 smartphones with the versions before EVA-AL10C00B399SP02 have an information disclosure vulnerability. The software does not properly protect certain resource which can be accessed by multithreading. An attacker tricks the user who has root privilege to install a crafted application, successful exploit could result in kernel information disclosure.

CVSS Score

5.5

MEDIUM

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Huawei	P9 Firmware	< eva-al10c00b399sp02
Huawei	P9	-

Related Weaknesses (CWE)

CWE-200

References

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180314-01-smartphVendor Advisory
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180314-01-smartphVendor Advisory

FAQ

What is CVE-2017-17319?

CVE-2017-17319 is a vulnerability with a CVSS score of 5.5 (MEDIUM). Huawei P9 smartphones with the versions before EVA-AL10C00B399SP02 have an information disclosure vulnerability. The software does not properly protect certain resource which can be accessed by multit...

How severe is CVE-2017-17319?

CVE-2017-17319 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-17319?

Check the references section above for vendor advisories and patch information. Affected products include: Huawei P9 Firmware, Huawei P9.