Description
Huawei Mate 9 Pro smartphones with software of LON-AL00BC00B139D, LON-AL00BC00B229, LON-L29DC721B188 have a memory double free vulnerability. The system does not manage the memory properly, that frees on the same memory address twice. An attacker tricks the user who has root privilege to install a crafted application, successful exploit could result in malicious code execution.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180314-02-smartphone-en
Scores
CVSS v3
7.8
EPSS
0.0012
EPSS Percentile
29.9%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-415
Status
published
Products (3)
huawei/mate_9_pro_firmware
lon-al00bc00b139d
huawei/mate_9_pro_firmware
lon-al00bc00b229
huawei/mate_9_pro_firmware
lon-l29dc721b188
Published
Mar 20, 2018
Tracked Since
Feb 18, 2026