Vulnerability Description
The boot loaders of P10 and P10 Plus Huawei mobile phones with software the versions before Victoria-L09AC605B162, the versions before Victoria-L29AC605B162, the versions before Vicky-L29AC605B162 have an arbitrary memory write vulnerability due to the lack of parameter validation. An attacker with the root privilege of an Android system may trick a user into installing a malicious APP. The APP can modify specific data to cause arbitrary memory writing in the next system reboot, causing continuous system reboot or arbitrary code execution.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Huawei | P10 Firmware | < victoria-l09ac605b162 |
| Huawei | P10 | - |
| Huawei | P10 Plus Firmware | < vicky-l29ac605b162 |
| Huawei | P10 Plus | - |
| Huawei | P8 Lite Firmware | < ale-l21c113b566 |
| Huawei | P8 Lite | - |
| Huawei | P9 Firmware | < eva-l09c432b391 |
| Huawei | P9 | - |
Related Weaknesses (CWE)
References
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170816-02-smartphIssue TrackingVendor Advisory
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170816-02-smartphIssue TrackingVendor Advisory
FAQ
What is CVE-2017-8150?
CVE-2017-8150 is a vulnerability with a CVSS score of 7.8 (HIGH). The boot loaders of P10 and P10 Plus Huawei mobile phones with software the versions before Victoria-L09AC605B162, the versions before Victoria-L29AC605B162, the versions before Vicky-L29AC605B162 hav...
How severe is CVE-2017-8150?
CVE-2017-8150 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-8150?
Check the references section above for vendor advisories and patch information. Affected products include: Huawei P10 Firmware, Huawei P10, Huawei P10 Plus Firmware, Huawei P10 Plus, Huawei P8 Lite Firmware.