CVE-2017-15316

HIGH

Huawei Mate 9 Firmware - Double Free

Title source: rule

Description

The GPU driver of Mate 9 Huawei smart phones with software before MHA-AL00B 8.0.0.334(C00) and Mate 9 Pro Huawei smart phones with software before LON-AL00B 8.0.0.334(C00) has a memory double free vulnerability. An attacker tricks a user into installing a malicious application, and the application can call special API, which triggers double free and causes a system crash or arbitrary code execution.

References (1)

[Vendor Advisory] http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171201-01-smartphone-en

Scores

CVSS v3 7.8

EPSS 0.0012

EPSS Percentile 30.3%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Classification

CWE

CWE-415

Status draft

Affected Products (2)

huawei/mate_9_firmware < mha-al00b_8.0.0.334\(c00\)

huawei/mate_9_pro_firmware < lon-al00b_8.0.0.334\(c00\)

Timeline

Published Dec 22, 2017

Tracked Since Feb 18, 2026