CVE-2017-8159
HIGHHuawei Agassi & Kobe Smartphones Remote Code Execution via Type Confusion
Title source: llmDescription
Some Huawei smartphones with software AGS-L09C233B019,AGS-W09C233B019,KOB-L09C233B017,KOB-W09C233B012 have a type confusion vulnerability. The program initializes a variable using one type, but it later accesses that variable using a type that is different with the original type when do certain register operation. Successful exploit could result in buffer overflow then may cause malicious code execution.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171018-02-smartphone-en
Scores
CVSS v3
7.8
EPSS
0.0103
EPSS Percentile
59.2%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-704
Status
published
Products (5)
huawei/agassi-l09hn_firmware
ags-l09c233b019
huawei/agassi-w09hn_firmware
ags-w09c233b019
huawei/kobe-l09ahn_firmware
kob-l09c233b017
huawei/kobe-w09chn_firmware
kob-w09c233b012
Huawei Technologies Co., Ltd./Agassi-L09HN,Agassi-W09HN,Kobe-L09AHN,Kobe-W09CHN,
AGS-L09C233B019,AGS-W09C233B019,KOB-L09C233B017,KOB-W09C233B012
Published
Nov 22, 2017
Tracked Since
Feb 18, 2026