Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2017-17176

The hardware security module of Mate 9 and Mate 9 Pro Huawei smart phones with the versions earlier before MHA-AL00BC00B156, versions earlier before MHA-CL00BC00B156, versions earlier before MHA-DL00BC00B156, versions earlier before MHA-TL00BC00B156, versions earlier before LON-AL00BC00B156, versions earlier before LON-CL00BC00B156, versions earlier before LON-DL00BC00B156, versions earlier before LON-TL00BC00B156 has a arbitrary memory read/write vulnerability due to the input parameters validation. An attacker with the root privilege of the Android system could exploit this vulnerability to read and write memory data anywhere or execute arbitrary code in the TrustZone.

Published

2018-10-17T15:29:00.633

Last Modified

2024-11-21T03:17:39.067

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 6.7 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

3.9

Impact Score

10.0

Weaknesses

Type: Primary
CWE-787

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	huawei	mate_9_firmware	< mha-al00bc00b156	Yes
Hardware	huawei	mate_9	-	No
Operating System	huawei	mate_9_firmware	< mha-cl00bc00b156	Yes
Hardware	huawei	mate_9	-	No
Operating System	huawei	mate_9_firmware	< mha-dl00bc00b156	Yes
Hardware	huawei	mate_9	-	No
Operating System	huawei	mate_9_firmware	< mha-tl00bc00b156	Yes
Hardware	huawei	mate_9	-	No
Operating System	huawei	mate_9_pro_firmware	< lon-al00bc00b156	Yes
Hardware	huawei	mate_9_pro	-	No
Operating System	huawei	mate_9_pro_firmware	< lon-cl00bc00b156	Yes
Hardware	huawei	mate_9_pro	-	No
Operating System	huawei	mate_9_pro_firmware	< lon-dl00bc00b156	Yes
Hardware	huawei	mate_9_pro	-	No
Operating System	huawei	mate_9_pro_firmware	< lon-tl00bc00b156	Yes
Hardware	huawei	mate_9_pro	-	No

References

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170306-01-smartphone-en Vendor Advisory ([email protected])
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170306-01-smartphone-en Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)