1. Home
  2. CVE Database
  3. CVE-2017-8159
HIGH · 7.8

CVE-2017-8159

Some Huawei smartphones with software AGS-L09C233B019,AGS-W09C233B019,KOB-L09C233B017,KOB-W09C233B012 have a type confusion vulnerability. The program initializes a variable using one type, but it lat...

Vulnerability Description

Some Huawei smartphones with software AGS-L09C233B019,AGS-W09C233B019,KOB-L09C233B017,KOB-W09C233B012 have a type confusion vulnerability. The program initializes a variable using one type, but it later accesses that variable using a type that is different with the original type when do certain register operation. Successful exploit could result in buffer overflow then may cause malicious code execution.

CVSS Score

7.8

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
HuaweiAgassi-L09Hn Firmwareags-l09c233b019
HuaweiAgassi-L09Hn-
HuaweiAgassi-W09Hn Firmwareags-w09c233b019
HuaweiAgassi-W09Hn-
HuaweiKobe-L09Ahn Firmwarekob-l09c233b017
HuaweiKobe-L09Ahn-
HuaweiKobe-W09Chn Firmwarekob-w09c233b012
HuaweiKobe-W09Chn-

Related Weaknesses (CWE)

CWE-704

References

FAQ

What is CVE-2017-8159?

CVE-2017-8159 is a vulnerability with a CVSS score of 7.8 (HIGH). Some Huawei smartphones with software AGS-L09C233B019,AGS-W09C233B019,KOB-L09C233B017,KOB-W09C233B012 have a type confusion vulnerability. The program initializes a variable using one type, but it lat...

How severe is CVE-2017-8159?

CVE-2017-8159 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-8159?

Check the references section above for vendor advisories and patch information. Affected products include: Huawei Agassi-L09Hn Firmware, Huawei Agassi-L09Hn, Huawei Agassi-W09Hn Firmware, Huawei Agassi-W09Hn, Huawei Kobe-L09Ahn Firmware.