Details of VAR-201806-0424

ID

VAR-201806-0424

CVE

CVE-2017-17173

TITLE

Huawei Mate 9 Pro Vulnerability related to input confirmation in smartphones

Trust: 0.8

sources: JVNDB: JVNDB-2017-014000

DESCRIPTION

Due to insufficient parameters verification GPU driver of Mate 9 Pro Huawei smart phones with the versions before LON-AL00B 8.0.0.356(C00) has an arbitrary memory free vulnerability. An attacker can tricks a user into installing a malicious application on the smart phone, and send given parameter to driver to release special kernel memory resource. Successful exploit may result in phone crash or arbitrary code execution. Huawei Mate 9 Pro Smartphones contain a vulnerability related to input confirmation.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. HuaweiMate9Pro is a Huawei smartphone product from China

Trust: 2.16

sources: NVD: CVE-2017-17173 // JVNDB: JVNDB-2017-014000 // CNVD: CNVD-2018-12844

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2018-12844

AFFECTED PRODUCTS

vendor:	huawei	model:	mate 9 pro fimware	scope:	lt	version:	lon-al00b_8.0.0.356\(c00\)	Trust: 1.0
vendor:	huawei	model:	mate 9 pro	scope:	lt	version:	lon-al00b 8.0.0.356	Trust: 0.8
vendor:	huawei	model:	mate pro <lon-al00b 8.0.0.356	scope:	eq	version:	9	Trust: 0.6

sources: CNVD: CNVD-2018-12844 // JVNDB: JVNDB-2017-014000 // NVD: CVE-2017-17173

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-17173
value:	HIGH
Trust: 1.0
NVD:	CVE-2017-17173
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2018-12844
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201712-932
value:	CRITICAL
Trust: 0.6

nvd@nist.gov:	CVE-2017-17173
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2018-12844
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2017-17173
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2018-12844 // JVNDB: JVNDB-2017-014000 // CNNVD: CNNVD-201712-932 // NVD: CVE-2017-17173

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.8

sources: JVNDB: JVNDB-2017-014000 // NVD: CVE-2017-17173

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201712-932

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201712-932

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-014000

PATCH

title:	huawei-sa-20180613-02-smartphone	url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180613-02-smartphone-en	Trust: 0.8
title:	HuaweiMate9ProGPU driver patch for any memory release vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/134017	Trust: 0.6

sources: CNVD: CNVD-2018-12844 // JVNDB: JVNDB-2017-014000

EXTERNAL IDS

db:	NVD	id:	CVE-2017-17173	Trust: 3.0
db:	JVNDB	id:	JVNDB-2017-014000	Trust: 0.8
db:	CNVD	id:	CNVD-2018-12844	Trust: 0.6
db:	CNNVD	id:	CNNVD-201712-932	Trust: 0.6

sources: CNVD: CNVD-2018-12844 // JVNDB: JVNDB-2017-014000 // CNNVD: CNNVD-201712-932 // NVD: CVE-2017-17173

REFERENCES

url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180613-02-smartphone-en	Trust: 1.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17173	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-17173	Trust: 0.8
url:	https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20180613-02-smartphone-cn	Trust: 0.6

sources: CNVD: CNVD-2018-12844 // JVNDB: JVNDB-2017-014000 // CNNVD: CNNVD-201712-932 // NVD: CVE-2017-17173

SOURCES

db:	CNVD	id:	CNVD-2018-12844
db:	JVNDB	id:	JVNDB-2017-014000
db:	CNNVD	id:	CNNVD-201712-932
db:	NVD	id:	CVE-2017-17173

LAST UPDATE DATE

2024-11-23T22:55:52.514000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2018-12844	date:	2018-07-11T00:00:00
db:	JVNDB	id:	JVNDB-2017-014000	date:	2018-08-28T00:00:00
db:	CNNVD	id:	CNNVD-201712-932	date:	2018-09-13T00:00:00
db:	NVD	id:	CVE-2017-17173	date:	2024-11-21T03:17:38.750

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2018-12844	date:	2018-07-11T00:00:00
db:	JVNDB	id:	JVNDB-2017-014000	date:	2018-08-28T00:00:00
db:	CNNVD	id:	CNNVD-201712-932	date:	2017-12-26T00:00:00
db:	NVD	id:	CVE-2017-17173	date:	2018-06-14T14:29:00.277