What is the severity of CVE-2017-15325?

CVE-2017-15325 has a high severity level due to the potential for integer overflow that could lead to arbitrary code execution.

How do I fix CVE-2017-15325?

To fix CVE-2017-15325, update the affected Huawei Prague smartphone firmware to versions Prague-AL00AC00B211 or later, Prague-AL00BC00B211 or later, Prague-AL00CC00B211 or later, Prague-TL00AC01B211 or later, or Prague-TL10AC01B211 or later.

Which Huawei smartphone models are affected by CVE-2017-15325?

The affected models are Huawei Prague AL00A, AL00B, AL00C, TL00A, and TL10A with firmware versions older than specified updates.

What does CVE-2017-15325 exploit?

CVE-2017-15325 exploits an integer overflow vulnerability within the Bdat driver of specific Huawei smartphone firmware.

Is there a public advisory for CVE-2017-15325?

Yes, Huawei has released a security advisory detailing the vulnerability and recommended firmware updates for CVE-2017-15325.

Vulnerability/
CVE-2017-15325

critical

9.3

CWE

190

23/3/2018

17/9/2024

CVE-2017-15325: Integer Overflow

First published: Fri Mar 23 2018(Updated: )

The Bdat driver of Prague smart phones with software versions earlier than Prague-AL00AC00B211, versions earlier than Prague-AL00BC00B211, versions earlier than Prague-AL00CC00B211, versions earlier than Prague-TL00AC01B211, versions earlier than Prague-TL10AC01B211 has integer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious APP and execute it as a specific privilege; the APP can then send a specific parameter to the driver of the smart phone, causing arbitrary code execution.

Credit: psirt@huawei.com

Affected Software	Affected Version	How to fix
Huawei Prague-al00a Firmware	<prague-al00ac00b211
Huawei Prague-al00a
Huawei Prague-al00b Firmware	<prague-al00bc00b211
Huawei Prague-al00b
Huawei Prague-al00c Firmware	<prague-al00cc00b211
Huawei Prague-al00c
Huawei Prague-tl00a Firmware	<prague-tl00ac01b211
Huawei Prague-tl00a
Huawei Prague-tl10a Firmware	<prague-tl10ac01b211
Huawei Prague-tl10a

Never miss a vulnerability like this again

Reference Links

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180321-01-smartphone-en

Frequently Asked Questions

What is the severity of CVE-2017-15325?
CVE-2017-15325 has a high severity level due to the potential for integer overflow that could lead to arbitrary code execution.
How do I fix CVE-2017-15325?
To fix CVE-2017-15325, update the affected Huawei Prague smartphone firmware to versions Prague-AL00AC00B211 or later, Prague-AL00BC00B211 or later, Prague-AL00CC00B211 or later, Prague-TL00AC01B211 or later, or Prague-TL10AC01B211 or later.
Which Huawei smartphone models are affected by CVE-2017-15325?
The affected models are Huawei Prague AL00A, AL00B, AL00C, TL00A, and TL10A with firmware versions older than specified updates.
What does CVE-2017-15325 exploit?
CVE-2017-15325 exploits an integer overflow vulnerability within the Bdat driver of specific Huawei smartphone firmware.
Is there a public advisory for CVE-2017-15325?
Yes, Huawei has released a security advisory detailing the vulnerability and recommended firmware updates for CVE-2017-15325.

collector/nvd-index
agent/type
agent/softwarecombine
agent/references
agent/severity
agent/author
agent/weakness
agent/description
agent/tags
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/first-publish-date
agent/event
agent/source
vendor/huawei
canonical/huawei prague-al00a firmware
canonical/huawei prague-al00a
canonical/huawei prague-al00b firmware
canonical/huawei prague-al00b
canonical/huawei prague-al00c firmware
canonical/huawei prague-al00c
canonical/huawei prague-tl00a firmware
canonical/huawei prague-tl00a
canonical/huawei prague-tl10a firmware
canonical/huawei prague-tl10a

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.

Frequently Asked Questions

What is the severity of CVE-2017-15325?
CVE-2017-15325 has a high severity level due to the potential for integer overflow that could lead to arbitrary code execution.
How do I fix CVE-2017-15325?
To fix CVE-2017-15325, update the affected Huawei Prague smartphone firmware to versions Prague-AL00AC00B211 or later, Prague-AL00BC00B211 or later, Prague-AL00CC00B211 or later, Prague-TL00AC01B211 or later, or Prague-TL10AC01B211 or later.
Which Huawei smartphone models are affected by CVE-2017-15325?
The affected models are Huawei Prague AL00A, AL00B, AL00C, TL00A, and TL10A with firmware versions older than specified updates.
What does CVE-2017-15325 exploit?
CVE-2017-15325 exploits an integer overflow vulnerability within the Bdat driver of specific Huawei smartphone firmware.
Is there a public advisory for CVE-2017-15325?
Yes, Huawei has released a security advisory detailing the vulnerability and recommended firmware updates for CVE-2017-15325.