Vulnerability Description
The ddr_devfreq driver in versions earlier than GRA-UL00C00B197 has buffer overflow vulnerability. An attacker with the root privilege of the Android system can tricks a user into installing a malicious application on the smart phone, and send given parameter to smart phone to crash the system or escalate privilege.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Huawei | P8 Firmware | < gra-ul00c00b197 |
| Huawei | P8 | - |
Related Weaknesses (CWE)
References
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170118-04-smartphVendor Advisory
- http://www.securityfocus.com/bid/95664Third Party AdvisoryVDB Entry
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170118-04-smartphVendor Advisory
- http://www.securityfocus.com/bid/95664Third Party AdvisoryVDB Entry
FAQ
What is CVE-2017-2698?
CVE-2017-2698 is a vulnerability with a CVSS score of 7.8 (HIGH). The ddr_devfreq driver in versions earlier than GRA-UL00C00B197 has buffer overflow vulnerability. An attacker with the root privilege of the Android system can tricks a user into installing a malicio...
How severe is CVE-2017-2698?
CVE-2017-2698 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-2698?
Check the references section above for vendor advisories and patch information. Affected products include: Huawei P8 Firmware, Huawei P8.