CVE-2017-15316

HIGH

Huawei Mate 9 and Mate 9 Pro Firmware < MHA-AL00B 8.0.0.334(C00) - Use-After-Free in GPU Driver

Title source: llm

Description

The GPU driver of Mate 9 Huawei smart phones with software before MHA-AL00B 8.0.0.334(C00) and Mate 9 Pro Huawei smart phones with software before LON-AL00B 8.0.0.334(C00) has a memory double free vulnerability. An attacker tricks a user into installing a malicious application, and the application can call special API, which triggers double free and causes a system crash or arbitrary code execution.

References (1)

Core 1

Core References

Vendor Advisory x_refsource_confirm

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171201-01-smartphone-en

Scores

CVSS v3 7.8

EPSS 0.0012

EPSS Percentile 29.9%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-415

Status published

Products (4)

huawei/mate_9_firmware < mha-al00b_8.0.0.334\(c00\)

huawei/mate_9_pro_firmware < lon-al00b_8.0.0.334\(c00\)

Huawei Technologies Co., Ltd./Mate 9 before MHA-AL00B 8.0.0.334(C00)

Huawei Technologies Co., Ltd./Mate 9 Pro before LON-AL00B 8.0.0.334(C00)

Published Dec 22, 2017

Tracked Since Feb 18, 2026