CVE-2018-7899 — MEDIUM (5.5)

Vulnerability Description

The Mali Driver of Huawei Berkeley-AL20 and Berkeley-BD smart phones with software Berkeley-AL20 8.0.0.105(C00), 8.0.0.111(C00), 8.0.0.112D(C00), 8.0.0.116(C00), 8.0.0.119(C00), 8.0.0.119D(C00), 8.0.0.122(C00), 8.0.0.132(C00), 8.0.0.132D(C00), 8.0.0.142(C00), 8.0.0.151(C00), Berkeley-BD 1.0.0.21, 1.0.0.22, 1.0.0.23, 1.0.0.24, 1.0.0.26, 1.0.0.29 has a double free vulnerability. An attacker can trick a user to install a malicious application and exploit this vulnerability when in the exception handling process. Successful exploitation may cause system reboot.

CVSS Score

5.5

MEDIUM

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Huawei	Berkeley-Al20 Firmware	8.0.0.105\(c00\)
Huawei	Berkeley-Al20	-
Huawei	Berkeley-Bd Firmware	1.0.0.21
Huawei	Berkeley-Bd	-

Related Weaknesses (CWE)

CWE-415

References

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180418-01-smartphVendor Advisory
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180418-01-smartphVendor Advisory

FAQ

What is CVE-2018-7899?

CVE-2018-7899 is a vulnerability with a CVSS score of 5.5 (MEDIUM). The Mali Driver of Huawei Berkeley-AL20 and Berkeley-BD smart phones with software Berkeley-AL20 8.0.0.105(C00), 8.0.0.111(C00), 8.0.0.112D(C00), 8.0.0.116(C00), 8.0.0.119(C00), 8.0.0.119D(C00), 8.0.0...

How severe is CVE-2018-7899?

CVE-2018-7899 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-7899?

Check the references section above for vendor advisories and patch information. Affected products include: Huawei Berkeley-Al20 Firmware, Huawei Berkeley-Al20, Huawei Berkeley-Bd Firmware, Huawei Berkeley-Bd.