ID

VAR-201711-0988


CVE

CVE-2017-8150


TITLE

Huawei P10 and P10 Plus Buffer error vulnerability in smartphone software

Trust: 0.8

sources: JVNDB: JVNDB-2017-010626

DESCRIPTION

The boot loaders of Huawei P10 and P10 Plus mobile phones with software versions before Victoria-L09AC605B162, Victoria-L29AC605B162, and Vicky-L29AC605B162 have an arbitrary memory write vulnerability due to a lack of parameter validation. An attacker with root privilege on the Android system may trick a user into installing a malicious app. The app can modify specific data to cause an arbitrary memory write at the next system reboot, resulting in continuous system reboots or arbitrary code execution. Huawei P10 and P10 Plus smartphone software contains a buffer error vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). The Huawei P10 and P10 Plus bootloaders have an arbitrary memory write vulnerability due to a lack of parameter checking. The Huawei P10 and P10 Plus are both smartphones from the Chinese company Huawei. The bootloader is one of the system startup programs. The bootloader in the Huawei P10 and P10 Plus has a security vulnerability, which is caused by the program not checking parameters adequately. The following products and versions are affected: Huawei P10 versions earlier than Victoria-L09AC605B162 and Victoria-L29AC605B162; P10 Plus versions earlier than Vicky-L29AC605B162.

Trust: 2.25

sources: NVD: CVE-2017-8150 // JVNDB: JVNDB-2017-010626 // CNVD: CNVD-2017-28814 // VULHUB: VHN-116353

IOT TAXONOMY

category: ['Network device'] sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-28814

AFFECTED PRODUCTS

vendor: huawei model: p9 scope: lt version: eva-l09c432b391

Trust: 1.0

vendor: huawei model: p9 scope: lt version: eva-l09c635b387

Trust: 1.0

vendor: huawei model: p9 scope: lt version: eva-l19c636b391

Trust: 1.0

vendor: huawei model: p9 scope: lt version: eva-l19c605b390

Trust: 1.0

vendor: huawei model: p9 scope: lt version: eva-l09c605b390

Trust: 1.0

vendor: huawei model: p10 scope: lt version: victoria-l09ac605b162

Trust: 1.0

vendor: huawei model: p10 scope: lt version: victoria-l29ac605b162

Trust: 1.0

vendor: huawei model: p9 scope: lt version: eva-l19c432b388

Trust: 1.0

vendor: huawei model: p9 scope: lt version: eva-l09c636b388

Trust: 1.0

vendor: huawei model: p8 lite scope: lt version: ale-l21c113b566

Trust: 1.0

vendor: huawei model: p9 scope: lt version: eva-l19c10b390

Trust: 1.0

vendor: huawei model: p9 scope: lt version: eva-l09c576b386

Trust: 1.0

vendor: huawei model: p10 plus scope: lt version: vicky-l29ac605b162

Trust: 1.0

vendor: huawei model: p10 plus scope: - version: -

Trust: 0.8

vendor: huawei model: p10 scope: - version: -

Trust: 0.8

vendor: huawei model: p8 lite scope: - version: -

Trust: 0.8

vendor: huawei model: p9 scope: - version: -

Trust: 0.8

vendor: huawei model: p10 <victoria-l09ac605b162 scope: - version: -

Trust: 0.6

vendor: huawei model: p10 <victoria-l29ac605b162 scope: - version: -

Trust: 0.6

vendor: huawei model: p10 plus <vicky-l29ac605b162 scope: - version: -

sources: CNVD: CNVD-2017-28814 // JVNDB: JVNDB-2017-010626 // NVD: CVE-2017-8150

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-8150
value: HIGH

Trust: 1.0

NVD: CVE-2017-8150
value: HIGH

Trust: 0.8

CNVD: CNVD-2017-28814
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201711-980
value: CRITICAL

Trust: 0.6

VULHUB: VHN-116353
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-8150
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-28814
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-116353
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-8150
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-28814 // VULHUB: VHN-116353 // JVNDB: JVNDB-2017-010626 // CNNVD: CNNVD-201711-980 // NVD: CVE-2017-8150

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-116353 // JVNDB: JVNDB-2017-010626 // NVD: CVE-2017-8150

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201711-980

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201711-980

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-010626

PATCH

title: huawei-sa-20170816-02-smartphone url: http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170816-02-smartphone-en

Trust: 0.8

title: Huawei mobile phone writes a patch for any memory vulnerability url: https://www.cnvd.org.cn/patchInfo/show/103206

Trust: 0.6

title: Huawei P10 and P10 Plus Bootloader Security vulnerabilities url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76690

Trust: 0.6

sources: CNVD: CNVD-2017-28814 // JVNDB: JVNDB-2017-010626 // CNNVD: CNNVD-201711-980

EXTERNAL IDS

db: NVD id: CVE-2017-8150

Trust: 3.1

db: JVNDB id: JVNDB-2017-010626

Trust: 0.8

db: CNNVD id: CNNVD-201711-980

Trust: 0.7

db: CNVD id: CNVD-2017-28814

Trust: 0.6

db: VULHUB id: VHN-116353

Trust: 0.1

sources: CNVD: CNVD-2017-28814 // VULHUB: VHN-116353 // JVNDB: JVNDB-2017-010626 // CNNVD: CNNVD-201711-980 // NVD: CVE-2017-8150

REFERENCES

url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170816-02-smartphone-en

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-8150

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-8150

Trust: 0.8

url:http://www.huawei.com/cn/psirt/security-advisories/2017/huawei-sa-20170816-02-smartphone-cn

Trust: 0.6

sources: CNVD: CNVD-2017-28814 // VULHUB: VHN-116353 // JVNDB: JVNDB-2017-010626 // CNNVD: CNNVD-201711-980 // NVD: CVE-2017-8150

SOURCES

db: CNVD id: CNVD-2017-28814
db: VULHUB id: VHN-116353
db: JVNDB id: JVNDB-2017-010626
db: CNNVD id: CNNVD-201711-980
db: NVD id: CVE-2017-8150

LAST UPDATE DATE

2024-11-23T22:38:23.091000+00:00


SOURCES UPDATE DATE

db: CNVD id: CNVD-2017-28814 date: 2017-09-30T00:00:00
db: VULHUB id: VHN-116353 date: 2017-12-08T00:00:00
db: JVNDB id: JVNDB-2017-010626 date: 2017-12-20T00:00:00
db: CNNVD id: CNNVD-201711-980 date: 2017-11-24T00:00:00
db: NVD id: CVE-2017-8150 date: 2024-11-21T03:33:25.240

SOURCES RELEASE DATE

db: CNVD id: CNVD-2017-28814 date: 2017-09-30T00:00:00
db: VULHUB id: VHN-116353 date: 2017-11-22T00:00:00
db: JVNDB id: JVNDB-2017-010626 date: 2017-12-20T00:00:00
db: CNNVD id: CNNVD-201711-980 date: 2017-11-24T00:00:00
db: NVD id: CVE-2017-8150 date: 2017-11-22T19:29:03.350