CVE-2017-15316 - OpenCVE

The GPU driver of Mate 9 Huawei smart phones with software before MHA-AL00B 8.0.0.334(C00) and Mate 9 Pro Huawei smart phones with software before LON-AL00B 8.0.0.334(C00) has a memory double free vulnerability. An attacker tricks a user into installing a malicious application, and the application can call special API, which triggers double free and causes a system crash or arbitrary code execution.

No CVSS v4.0

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Huawei	Mate 9 Mate 9 Firmware Mate 9 Pro Mate 9 Pro Firmware

Configuration 1 [-]

AND

cpe:2.3:o:huawei:mate_9_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:mate_9:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:huawei:mate_9_pro_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:mate_9_pro:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171201-01-smartphone-en

History

No history.

MITRE

Status: PUBLISHED

Assigner: huawei

Published: 2017-12-22T17:00:00Z

Updated: 2024-09-16T17:48:54.343Z

Reserved: 2017-10-14T00:00:00

Link: CVE-2017-15316

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2017-12-22T17:29:13.173

Modified: 2018-01-05T16:00:25.403

Link: CVE-2017-15316

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Mate 9", "vendor": "Huawei Technologies Co., Ltd.", "versions": [{"status": "affected", "version": "before MHA-AL00B 8.0.0.334(C00)"}]}, {"product": "Mate 9 Pro", "vendor": "Huawei Technologies Co., Ltd.", "versions": [{"status": "affected", "version": "before LON-AL00B 8.0.0.334(C00)"}]}], "datePublic": "2017-12-01T00:00:00", "descriptions": [{"lang": "en", "value": "The GPU driver of Mate 9 Huawei smart phones with software before MHA-AL00B 8.0.0.334(C00) and Mate 9 Pro Huawei smart phones with software before LON-AL00B 8.0.0.334(C00) has a memory double free vulnerability. An attacker tricks a user into installing a malicious application, and the application can call special API, which triggers double free and causes a system crash or arbitrary code execution."}], "problemTypes": [{"descriptions": [{"description": "Memory Double Free", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-12-22T16:57:01", "orgId": "25ac1063-e409-4190-8079-24548c77ea2e", "shortName": "huawei"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171201-01-smartphone-en"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@huawei.com", "DATE_PUBLIC": "2017-12-01T00:00:00", "ID": "CVE-2017-15316", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Mate 9", "version": {"version_data": [{"version_value": "before MHA-AL00B 8.0.0.334(C00)"}]}}, {"product_name": "Mate 9 Pro", "version": {"version_data": [{"version_value": "before LON-AL00B 8.0.0.334(C00)"}]}}]}, "vendor_name": "Huawei Technologies Co., Ltd."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The GPU driver of Mate 9 Huawei smart phones with software before MHA-AL00B 8.0.0.334(C00) and Mate 9 Pro Huawei smart phones with software before LON-AL00B 8.0.0.334(C00) has a memory double free vulnerability. An attacker tricks a user into installing a malicious application, and the application can call special API, which triggers double free and causes a system crash or arbitrary code execution."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Memory Double Free"}]}]}, "references": {"reference_data": [{"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171201-01-smartphone-en", "refsource": "CONFIRM", "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171201-01-smartphone-en"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T19:50:16.499Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171201-01-smartphone-en"}]}]}, "cveMetadata": {"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e", "assignerShortName": "huawei", "cveId": "CVE-2017-15316", "datePublished": "2017-12-22T17:00:00Z", "dateReserved": "2017-10-14T00:00:00", "dateUpdated": "2024-09-16T17:48:54.343Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:mate_9_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B9640332-F80C-4360-A67E-C00C99D807D5", "versionEndExcluding": "mha-al00b_8.0.0.334\\(c00\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:mate_9:-:*:*:*:*:*:*:*", "matchCriteriaId": "93FB7D8B-A819-4CBB-85D1-D3984D963351", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:mate_9_pro_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "1C983B9F-8A7B-4FF1-8073-7C397714991A", "versionEndExcluding": "lon-al00b_8.0.0.334\\(c00\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:mate_9_pro:-:*:*:*:*:*:*:*", "matchCriteriaId": "E4CC4AF8-2F6D-41FC-9697-17472AF32FC6", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The GPU driver of Mate 9 Huawei smart phones with software before MHA-AL00B 8.0.0.334(C00) and Mate 9 Pro Huawei smart phones with software before LON-AL00B 8.0.0.334(C00) has a memory double free vulnerability. An attacker tricks a user into installing a malicious application, and the application can call special API, which triggers double free and causes a system crash or arbitrary code execution."}, {"lang": "es", "value": "El controlador de unidad de procesamiento gr\u00e1fico o GPU de los smartphones Mate 9de Huawei con software anterior a MHA-AL00B 8.0.0.334(C00) y Mate 9 Pro de Huawei con software anterior a LON-AL00B 8.0.0.334(C00) contiene una vulnerabilidad de doble liberaci\u00f3n (double free) de memoria. Un atacante enga\u00f1a a un usuario para que instale una aplicaci\u00f3n maliciosa que puede llamar a una API especial. Esto desencadena una doble liberaci\u00f3n (double free) y provoca el cierre inesperado del sistema o la ejecuci\u00f3n de c\u00f3digo arbitrario."}], "id": "CVE-2017-15316", "lastModified": "2018-01-05T16:00:25.403", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-12-22T17:29:13.173", "references": [{"source": "psirt@huawei.com", "tags": ["Vendor Advisory"], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171201-01-smartphone-en"}], "sourceIdentifier": "psirt@huawei.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-415"}], "source": "nvd@nist.gov", "type": "Primary"}]}