CVE-2017-15330 - OpenCVE

The Flp Driver in some Huawei smartphones of the software Vicky-AL00AC00B124D, Vicky-AL00AC00B157D, Vicky-AL00AC00B167 has a double free vulnerability. An attacker can trick a user to install a malicious application which has a high privilege to exploit this vulnerability. Successful exploitation may cause denial of service (DoS) attack.

No CVSS v4.0

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

AV:N/AC:M/Au:N/C:N/I:N/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Huawei	Vicky-al00a Vicky-al00a Firmware

Configuration 1 [-]

AND

OR	cpe:2.3:o:huawei:vicky-al00a_firmware:vicky-al00ac00b124d:::::::*
	cpe:2.3:o:huawei:vicky-al00a_firmware:vicky-al00ac00b157d:::::::*
	cpe:2.3:o:huawei:vicky-al00a_firmware:vicky-al00ac00b167:::::::*

cpe:2.3:h:huawei:vicky-al00a:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-01-smartphone-en

History

No history.

MITRE

Status: PUBLISHED

Assigner: huawei

Published: 2018-02-15T16:00:00

Updated: 2024-08-05T19:50:16.501Z

Reserved: 2017-10-14T00:00:00

Link: CVE-2017-15330

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2018-02-15T16:29:00.283

Modified: 2018-03-07T15:08:29.837

Link: CVE-2017-15330

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Vicky-AL00A", "vendor": "Huawei Technologies Co., Ltd.", "versions": [{"status": "affected", "version": "Vicky-AL00AC00B124D, Vicky-AL00AC00B157D, Vicky-AL00AC00B167"}]}], "datePublic": "2017-12-06T00:00:00", "descriptions": [{"lang": "en", "value": "The Flp Driver in some Huawei smartphones of the software Vicky-AL00AC00B124D, Vicky-AL00AC00B157D, Vicky-AL00AC00B167 has a double free vulnerability. An attacker can trick a user to install a malicious application which has a high privilege to exploit this vulnerability. Successful exploitation may cause denial of service (DoS) attack."}], "problemTypes": [{"descriptions": [{"description": "Double Free", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-02-15T15:57:02", "orgId": "25ac1063-e409-4190-8079-24548c77ea2e", "shortName": "huawei"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-01-smartphone-en"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@huawei.com", "ID": "CVE-2017-15330", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Vicky-AL00A", "version": {"version_data": [{"version_value": "Vicky-AL00AC00B124D, Vicky-AL00AC00B157D, Vicky-AL00AC00B167"}]}}]}, "vendor_name": "Huawei Technologies Co., Ltd."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Flp Driver in some Huawei smartphones of the software Vicky-AL00AC00B124D, Vicky-AL00AC00B157D, Vicky-AL00AC00B167 has a double free vulnerability. An attacker can trick a user to install a malicious application which has a high privilege to exploit this vulnerability. Successful exploitation may cause denial of service (DoS) attack."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Double Free"}]}]}, "references": {"reference_data": [{"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-01-smartphone-en", "refsource": "CONFIRM", "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-01-smartphone-en"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T19:50:16.501Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-01-smartphone-en"}]}]}, "cveMetadata": {"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e", "assignerShortName": "huawei", "cveId": "CVE-2017-15330", "datePublished": "2018-02-15T16:00:00", "dateReserved": "2017-10-14T00:00:00", "dateUpdated": "2024-08-05T19:50:16.501Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:vicky-al00a_firmware:vicky-al00ac00b124d:*:*:*:*:*:*:*", "matchCriteriaId": "1F9E7B9D-52E9-467C-9087-D4805EEB7C40", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:vicky-al00a_firmware:vicky-al00ac00b157d:*:*:*:*:*:*:*", "matchCriteriaId": "30E1BE8D-4843-48CB-8285-EE1C4F8CB0DD", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:vicky-al00a_firmware:vicky-al00ac00b167:*:*:*:*:*:*:*", "matchCriteriaId": "EB59274F-9064-49EA-8261-442A04D95A57", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:vicky-al00a:-:*:*:*:*:*:*:*", "matchCriteriaId": "E014F48F-8F37-41FA-A7DE-F281B3BFFA99", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Flp Driver in some Huawei smartphones of the software Vicky-AL00AC00B124D, Vicky-AL00AC00B157D, Vicky-AL00AC00B167 has a double free vulnerability. An attacker can trick a user to install a malicious application which has a high privilege to exploit this vulnerability. Successful exploitation may cause denial of service (DoS) attack."}, {"lang": "es", "value": "El controlador Flp en determinados smartphones Huawei del software Vicky-AL00AC00B124D, Vicky-AL00AC00B157D y Vicky-AL00AC00B167. Un atacante puede enga\u00f1ar a un usuario para que instale una aplicaci\u00f3n maliciosa con un nivel alto de privilegios para explotar esta vulnerabilidad. Su explotaci\u00f3n exitosa podr\u00eda provocar un ataque de denegaci\u00f3n de servicio (DoS)."}], "id": "CVE-2017-15330", "lastModified": "2018-03-07T15:08:29.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-02-15T16:29:00.283", "references": [{"source": "psirt@huawei.com", "tags": ["Vendor Advisory"], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-01-smartphone-en"}], "sourceIdentifier": "psirt@huawei.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-415"}], "source": "nvd@nist.gov", "type": "Primary"}]}