Summary
Detail | |||
---|---|---|---|
Vendor | Huawei | First view | 2017-11-22 |
Product | p9 Plus Firmware | Last view | 2018-06-01 |
Version | vie-l09c432b380 | Type | Os |
Update | * | ||
Edition | * | ||
Language | * | ||
Sofware Edition | * | ||
Target Software | * | ||
Target Hardware | * | ||
Other | * | ||
CPE Product | cpe:2.3:o:huawei:p9_plus_firmware |
Activity : Overall
Related : CVE
Date | Alert | Description | |
---|---|---|---|
4.2 | 2018-06-01 | CVE-2017-17171 | Some Huawei smart phones have the denial of service (DoS) vulnerability due to the improper processing of malicious parameters. An attacker may trick a target user into installing a malicious APK and launch attacks using a pre-installed app with specific permissions. Successful exploit could allow the app to send specific parameters to the smart phone driver, which will result in system restart. |
7.8 | 2018-03-09 | CVE-2016-8783 | Touchscreen drive in Huawei H60 (Honor 6) Versions earlier than H60-L02_6.12.16 and P9 Plus Versions earlier than VIE-AL10BC00B356 has a stack overflow vulnerabilities. An attacker tricks a user into installing a malicious application on the smart phone, and send given parameter to touchscreen drive to crash the system or escalate privilege. |
7.8 | 2017-11-22 | CVE-2017-8140 | The soundtrigger driver in P9 Plus smart phones with software versions earlier than VIE-AL10BC00B353 has a memory double free vulnerability. An attacker tricks a user into installing a malicious application, and the application can start multiple threads and try to free specific memory, which could triggers double free and causes a system crash or arbitrary code execution. |
5.5 | 2017-11-22 | CVE-2017-2734 | P9 Plus smartphones with software versions earlier before VIE-AL10BC00B386 have a denial of service (DoS) vulnerability. An attacker tricks a user into installing a malicious application on the smart phone, and the application can send given parameter to specific interface, which make a large number of memory allocation and the smart phone will be crash for memory exhaustion. |
5.5 | 2017-11-22 | CVE-2017-2731 | The vibrator service in P9 Plus smart phones with software versions earlier before VIE-AL10C00B386 has DoS vulnerability. An attacker can tricks a user into installing a malicious application on the smart phone, and send given parameter to smart phone vibrator service interface to crash the system. |
5.5 | 2017-11-22 | CVE-2017-2711 | P9 Plus smartphones with software earlier than VIE-AL10C00B352 versions have an input validation vulnerability in the touchscreen Driver. An attacker can tricks a user into installing a malicious application on the smart phone, and send given parameter to smart phone to crash the system. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
50% (3) | CWE-20 | Improper Input Validation |
16% (1) | CWE-415 | Double Free |
16% (1) | CWE-400 | Uncontrolled Resource Consumption ('Resource Exhaustion') |
16% (1) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |