CVE-2017-8160
HIGHHuawei Vicky and Victoria Smartphones - Use-After-Free in Madapt Driver
Title source: llmDescription
The Madapt Driver of some Huawei smart phones with software Earlier than Vicky-AL00AC00B172 versions,Vicky-AL00CC768B122,Vicky-TL00AC01B167,Earlier than Victoria-AL00AC00B172 versions,Victoria-TL00AC00B123,Victoria-TL00AC01B167 has a use after free (UAF) vulnerability. An attacker can trick a user to install a malicious application which has a high privilege to exploit this vulnerability, Successful exploitation may cause arbitrary code execution.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171018-01-smartphone-en
Scores
CVSS v3
7.8
EPSS
0.0020
EPSS Percentile
42.0%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-416
Status
published
Products (7)
huawei/vicky-al00a_firmware
< vicky-al00ac00b172
huawei/vicky-al00c_firmware
vicky-al00cc768b122
huawei/vicky-tl00a_firmware
vicky-tl00ac01b167
huawei/victoria-al00a_firmware
< victoria-al00ac00b172_
huawei/victoria-tl00a_firmware
victoria-tl00ac00b123
huawei/victoria-tl00a_firmware
victoria-tl00ac01b167
Huawei Technologies Co., Ltd./Vicky-AL00A,Vicky-AL00C,Vicky-TL00A,Victoria-AL00A,Victoria-TL00A
Earlier than Vicky-AL00AC00B172 versions,Vicky-AL00CC768B122,Vicky-TL00AC01B167,Earlier than Victori
Published
Nov 22, 2017
Tracked Since
Feb 18, 2026