Details of VAR-201804-1327

ID

VAR-201804-1327

CVE

CVE-2018-7899

TITLE

Huawei Berkeley-AL20 and Berkeley-BD Vulnerability related to double release in smartphone software

Trust: 0.8

sources: JVNDB: JVNDB-2018-004326

DESCRIPTION

The Mali Driver of Huawei Berkeley-AL20 and Berkeley-BD smart phones with software Berkeley-AL20 8.0.0.105(C00), 8.0.0.111(C00), 8.0.0.112D(C00), 8.0.0.116(C00), 8.0.0.119(C00), 8.0.0.119D(C00), 8.0.0.122(C00), 8.0.0.132(C00), 8.0.0.132D(C00), 8.0.0.142(C00), 8.0.0.151(C00), Berkeley-BD 1.0.0.21, 1.0.0.22, 1.0.0.23, 1.0.0.24, 1.0.0.26, 1.0.0.29 has a double free vulnerability. An attacker can trick a user to install a malicious application and exploit this vulnerability when in the exception handling process. Successful exploitation may cause system reboot. Huawei Berkeley-AL20 and Berkeley-BD Smartphone software contains a double release vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Berkeley-AL20 and Berkeley-BD are all smartphone products of China's Huawei company. A denial of service vulnerability exists in the Huawei driver of HuaweiBerkeley-AL20 and Berkeley-BD. Mali driver is one of the email drivers. The following products and versions are affected: Huawei Berkeley-AL20 Version 8.0.0.105(C00), Version 8.0.0.111(C00), Version 8.0.0.112D(C00), Version 8.0.0.116(C00), Version 8.0.0.119(C00) Version, version 8.0.0.119D(C00), version 8.0.0.122(C00), version 8.0.0.132(C00), version 8.0.0.132D(C00), version 8.0.0.142(C00), version 8.0.0.151(C00) Version; Berkeley-BD version 1.0.0.21, version 1.0.0.22, version 1.0.0.23, version 1.0.0.24, version 1.0.0.26, version 1.0.0.29

Trust: 2.25

sources: NVD: CVE-2018-7899 // JVNDB: JVNDB-2018-004326 // CNVD: CNVD-2018-08038 // VULHUB: VHN-137931

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2018-08038

AFFECTED PRODUCTS

vendor:	huawei	model:	berkeley-bd	scope:	eq	version:	1.0.0.22	Trust: 3.0
vendor:	huawei	model:	berkeley-bd	scope:	eq	version:	1.0.0.23	Trust: 3.0
vendor:	huawei	model:	berkeley-bd	scope:	eq	version:	1.0.0.24	Trust: 3.0
vendor:	huawei	model:	berkeley-bd	scope:	eq	version:	1.0.0.26	Trust: 3.0
vendor:	huawei	model:	berkeley-bd	scope:	eq	version:	1.0.0.29	Trust: 3.0
vendor:	huawei	model:	berkeley-bd	scope:	eq	version:	1.0.0.21	Trust: 2.4
vendor:	huawei	model:	berkeley-al20	scope:	eq	version:	8.0.0.111\(c00\)	Trust: 1.6
vendor:	huawei	model:	berkeley-al20	scope:	eq	version:	8.0.0.105\(c00\)	Trust: 1.6
vendor:	huawei	model:	berkeley-al20	scope:	eq	version:	8.0.0.119\(c00\)	Trust: 1.6
vendor:	huawei	model:	berkeley-al20	scope:	eq	version:	8.0.0.116\(c00\)	Trust: 1.6
vendor:	huawei	model:	berkeley-al20	scope:	eq	version:	8.0.0.112d\(c00\)	Trust: 1.6
vendor:	huawei	model:	berkeley-al20	scope:	eq	version:	8.0.0.122\(c00\)	Trust: 1.0
vendor:	huawei	model:	berkeley-al20	scope:	eq	version:	8.0.0.132\(c00\)	Trust: 1.0
vendor:	huawei	model:	berkeley-al20	scope:	eq	version:	8.0.0.132d\(c00\)	Trust: 1.0
vendor:	huawei	model:	berkeley-al20	scope:	eq	version:	8.0.0.151\(c00\)	Trust: 1.0
vendor:	huawei	model:	berkeley-al20	scope:	eq	version:	8.0.0.119d\(c00\)	Trust: 1.0
vendor:	huawei	model:	berkeley-al20	scope:	eq	version:	8.0.0.142\(c00\)	Trust: 1.0
vendor:	huawei	model:	berkeley-al20	scope:	eq	version:	8.0.0.105(c00)	Trust: 0.8
vendor:	huawei	model:	berkeley-al20	scope:	eq	version:	8.0.0.111(c00)	Trust: 0.8
vendor:	huawei	model:	berkeley-al20	scope:	eq	version:	8.0.0.112d(c00)	Trust: 0.8
vendor:	huawei	model:	berkeley-al20	scope:	eq	version:	8.0.0.116(c00)	Trust: 0.8
vendor:	huawei	model:	berkeley-al20	scope:	eq	version:	8.0.0.119(c00)	Trust: 0.8
vendor:	huawei	model:	berkeley-al20	scope:	eq	version:	8.0.0.119d(c00)	Trust: 0.8
vendor:	huawei	model:	berkeley-al20	scope:	eq	version:	8.0.0.122(c00)	Trust: 0.8
vendor:	huawei	model:	berkeley-al20	scope:	eq	version:	8.0.0.132(c00)	Trust: 0.8
vendor:	huawei	model:	berkeley-al20	scope:	eq	version:	8.0.0.132d(c00)	Trust: 0.8
vendor:	huawei	model:	berkeley-al20	scope:	eq	version:	8.0.0.142(c00)	Trust: 0.8
vendor:	huawei	model:	berkeley-al20	scope:	eq	version:	8.0.0.151(c00)	Trust: 0.8
vendor:	huawei	model:	berkeley-al20 8.0.0.105	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	berkeley-al20 8.0.0.111	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	berkeley-al20 8.0.0.112d	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	berkeley-al20 8.0.0.116	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	berkeley-al20 8.0.0.119	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	berkeley-al20 8.0.0.119d	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	berkeley-al20 8.0.0.122	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	berkeley-al20 8.0.0.132	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	berkeley-al20 8.0.0.132d	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	berkeley-al20 8.0.0.142	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	berkeley-al20 8.0.0.151	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2018-08038 // JVNDB: JVNDB-2018-004326 // CNNVD: CNNVD-201804-1121 // NVD: CVE-2018-7899

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-7899
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2018-7899
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2018-08038
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201804-1121
value:	HIGH
Trust: 0.6
VULHUB:	VHN-137931
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2018-7899
severity:	HIGH
baseScore:	7.1
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2018-08038
severity:	MEDIUM
baseScore:	4.7
vectorString:	AV:L/AC:H/AU:N/C:P/I:N/A:C
accessVector:	LOCAL
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	1.9
impactScore:	7.8
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-137931
severity:	HIGH
baseScore:	7.1
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-7899
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2018-08038 // VULHUB: VHN-137931 // JVNDB: JVNDB-2018-004326 // CNNVD: CNNVD-201804-1121 // NVD: CVE-2018-7899

PROBLEMTYPE DATA

problemtype:

CWE-415

Trust: 1.9

sources: VULHUB: VHN-137931 // JVNDB: JVNDB-2018-004326 // NVD: CVE-2018-7899

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201804-1121

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201804-1121

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-004326

PATCH

title:	huawei-sa-20180418-01-ar	url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180418-01-ar-en	Trust: 0.8
title:	HuaweiBerkeleyMali driver patch for denial of service vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/126597	Trust: 0.6
title:	Huawei Berkeley-AL20 and Berkeley-BD Mali Driver security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=81414	Trust: 0.6

sources: CNVD: CNVD-2018-08038 // JVNDB: JVNDB-2018-004326 // CNNVD: CNNVD-201804-1121

EXTERNAL IDS

db:	NVD	id:	CVE-2018-7899	Trust: 3.1
db:	JVNDB	id:	JVNDB-2018-004326	Trust: 0.8
db:	CNNVD	id:	CNNVD-201804-1121	Trust: 0.7
db:	CNVD	id:	CNVD-2018-08038	Trust: 0.6
db:	VULHUB	id:	VHN-137931	Trust: 0.1

sources: CNVD: CNVD-2018-08038 // VULHUB: VHN-137931 // JVNDB: JVNDB-2018-004326 // CNNVD: CNNVD-201804-1121 // NVD: CVE-2018-7899

REFERENCES

url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180418-01-smartphone	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7899	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-7899	Trust: 0.8
url:	http://www.huawei.com/cn/psirt/security-advisories/2018/huawei-sa-20180418-01-smartphone-cn	Trust: 0.6

sources: CNVD: CNVD-2018-08038 // VULHUB: VHN-137931 // JVNDB: JVNDB-2018-004326 // CNNVD: CNNVD-201804-1121 // NVD: CVE-2018-7899

SOURCES

db:	CNVD	id:	CNVD-2018-08038
db:	VULHUB	id:	VHN-137931
db:	JVNDB	id:	JVNDB-2018-004326
db:	CNNVD	id:	CNNVD-201804-1121
db:	NVD	id:	CVE-2018-7899

LAST UPDATE DATE

2024-11-23T22:59:00.561000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2018-08038	date:	2018-04-20T00:00:00
db:	VULHUB	id:	VHN-137931	date:	2018-05-22T00:00:00
db:	JVNDB	id:	JVNDB-2018-004326	date:	2018-06-18T00:00:00
db:	CNNVD	id:	CNNVD-201804-1121	date:	2018-05-08T00:00:00
db:	NVD	id:	CVE-2018-7899	date:	2024-11-21T04:12:56.450

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2018-08038	date:	2018-04-19T00:00:00
db:	VULHUB	id:	VHN-137931	date:	2018-04-19T00:00:00
db:	JVNDB	id:	JVNDB-2018-004326	date:	2018-06-18T00:00:00
db:	CNNVD	id:	CNNVD-201804-1121	date:	2018-04-19T00:00:00
db:	NVD	id:	CVE-2018-7899	date:	2018-04-19T14:29:00.527