CVE-2018-7899

MEDIUM

Huawei Berkeley-AL20/Berkeley-BD - Double Free

Title source: llm

Description

The Mali Driver of Huawei Berkeley-AL20 and Berkeley-BD smart phones with software Berkeley-AL20 8.0.0.105(C00), 8.0.0.111(C00), 8.0.0.112D(C00), 8.0.0.116(C00), 8.0.0.119(C00), 8.0.0.119D(C00), 8.0.0.122(C00), 8.0.0.132(C00), 8.0.0.132D(C00), 8.0.0.142(C00), 8.0.0.151(C00), Berkeley-BD 1.0.0.21, 1.0.0.22, 1.0.0.23, 1.0.0.24, 1.0.0.26, 1.0.0.29 has a double free vulnerability. An attacker can trick a user to install a malicious application and exploit this vulnerability when in the exception handling process. Successful exploitation may cause system reboot.

References (1)

[Vendor Advisory] http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180418-01-smartphone

Scores

CVSS v3 5.5

EPSS 0.0007

EPSS Percentile 21.1%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Classification

CWE

CWE-415

Status published

Affected Products (17)

huawei/berkeley-al20_firmware

huawei/berkeley-bd_firmware

... and 2 more

Timeline

Published Apr 19, 2018

Tracked Since Feb 18, 2026