Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2017-17319

Huawei P9 smartphones with the versions before EVA-AL10C00B399SP02 have an information disclosure vulnerability. The software does not properly protect certain resource which can be accessed by multithreading. An attacker tricks the user who has root privilege to install a crafted application, successful exploit could result in kernel information disclosure.

Published

2018-03-20T15:29:00.407

Last Modified

2024-11-21T03:17:49.753

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 5.5 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:C/I:N/A:N

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

8.6

Impact Score

6.9

Weaknesses

Type: Primary
CWE-200

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	huawei	p9_firmware	< eva-al10c00b399sp02	Yes
Hardware	huawei	p9	-	No

References

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180314-01-smartphone-en Vendor Advisory ([email protected])
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180314-01-smartphone-en Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)