CVE-2017-15325
HIGHHuawei Prague Smartphone Firmware - Integer Overflow in Bdat Driver
Title source: llmDescription
The Bdat driver of Prague smart phones with software versions earlier than Prague-AL00AC00B211, versions earlier than Prague-AL00BC00B211, versions earlier than Prague-AL00CC00B211, versions earlier than Prague-TL00AC01B211, versions earlier than Prague-TL10AC01B211 has integer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious APP and execute it as a specific privilege; the APP can then send a specific parameter to the driver of the smart phone, causing arbitrary code execution.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180321-01-smartphone-en
Scores
CVSS v3
7.8
EPSS
0.0012
EPSS Percentile
29.9%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-190
Status
published
Products (5)
huawei/prague-al00a_firmware
< prague-al00ac00b211
huawei/prague-al00b_firmware
< prague-al00bc00b211
huawei/prague-al00c_firmware
< prague-al00cc00b211
huawei/prague-tl00a_firmware
< prague-tl00ac01b211
huawei/prague-tl10a_firmware
< prague-tl10ac01b211
Published
Mar 23, 2018
Tracked Since
Feb 18, 2026