Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2017-15311

The baseband modules of Mate 10, Mate 10 Pro, Mate 9, Mate 9 Pro Huawei smart phones with software before ALP-AL00 8.0.0.120(SP2C00), before BLA-AL00 8.0.0.120(SP2C00), before MHA-AL00B 8.0.0.334(C00), and before LON-AL00B 8.0.0.334(C00) have a stack overflow vulnerability due to the lack of parameter validation. An attacker could send malicious packets to the smart phones within radio range by special wireless device, which leads stack overflow when the baseband module handles these packets. The attacker could exploit this vulnerability to perform a denial of service attack or remote code execution in baseband module.

Published

2017-12-22T17:29:13.063

Last Modified

2025-04-20T01:37:25.860

Status

Deferred

Source

[email protected]

Severity

CVSSv3.0: 8.8 (HIGH)

CVSSv2 Vector

AV:A/AC:L/Au:N/C:P/I:P/A:P

Access Vector: ADJACENT_NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

6.5

Impact Score

6.4

Weaknesses

Type: Primary
CWE-119

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	huawei	mate_10_firmware	< alp-al00_8.0.0.120\(sp2c00\)	Yes
Hardware	huawei	mate_10	-	No
Operating System	huawei	mate_10_pro_firmware	< bla-al00_8.0.0.120\(sp2c00\)	Yes
Hardware	huawei	mate_10_pro	-	No
Operating System	huawei	mate_9_firmware	< mha-al00b_8.0.0.334\(c00\)	Yes
Hardware	huawei	mate_9	-	No
Operating System	huawei	mate_9_pro_firmware	< lon-al00b_8.0.0.334\(c00\)	Yes
Hardware	huawei	mate_9_pro	-	No

References

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171125-01-baseband-en Vendor Advisory ([email protected])
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171125-01-baseband-en Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)