Memory double free vulnerability on Huawei smartphones (CVE-2017-17320)

by CIRT Team

Description: Huawei Mate 9 Pro smartphones with software of LON-AL00BC00B139D, LON-AL00BC00B229, LON-L29DC721B188 have a memory double free vulnerability. The system does not manage the memory properly, that frees on the same memory address twice. An attacker tricks the user who has root privilege to install a crafted application, successful exploit could result in malicious code execution.

Impact: An attacker tricks the user who has root privilege to install a crafted application, successful exploit could result in malicious code execution.

Vulnerable Products

Mate 9 Pro(LON-AL00BC00B139D,LON-AL00BC00B229,LON-L29DC721B188)

Mitigation: Huawei has released software updates that address this vulnerability. Please see the references or vendor advisory for more information.

Reference URL’s:

• http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180314-02-smartphone-en
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17320

CIRT Team

Recommended Posts

Active Exploitation of Critical F5 BIG – IP Vulnerability (CVE–2023-46747) Uncovered in Bangladesh

06 Nov 2024 - Security Advisories & Alerts

Emerging Threat_Stealer Malware (Lumma C2) Campaign with fake CAPTCHA pages

08 Oct 2024 - Security Advisories & Alerts

Detection of Fog Ransomware Footprint in Cyber Space of Bangladesh

12 Sep 2024 - Security Advisories & Alerts