CVE-2017-17173: Input Validation
First published: Thu Jun 14 2018(Updated: )
Due to insufficient parameters verification GPU driver of Mate 9 Pro Huawei smart phones with the versions before LON-AL00B 8.0.0.356(C00) has an arbitrary memory free vulnerability. An attacker can tricks a user into installing a malicious application on the smart phone, and send given parameter to driver to release special kernel memory resource. Successful exploit may result in phone crash or arbitrary code execution.
Credit: psirt@huawei.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Huawei Mate 9 Pro Fimware | <lon-al00b_8.0.0.356\(c00\) | |
| Huawei Mate 9 Pro |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this issue?
The vulnerability ID of this issue is CVE-2017-17173.
What is the severity of CVE-2017-17173?
CVE-2017-17173 has a severity rating of 7.8 (critical).
Which devices are affected by CVE-2017-17173?
Mate 9 Pro Huawei smart phones with versions before LON-AL00B 8.0.0.356(C00) are affected.
How can an attacker exploit CVE-2017-17173?
An attacker can trick a user into installing a malicious application on the smart phone and send a given parameter to exploit the vulnerability.
How can I protect my Huawei Mate 9 Pro from CVE-2017-17173?
To protect your Huawei Mate 9 Pro from CVE-2017-17173, make sure to update your firmware to version LON-AL00B 8.0.0.356(C00) or later.
- collector/nvd-index
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/tags
- agent/type
- agent/event
- agent/description
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- vendor/huawei
- canonical/huawei mate 9 pro fimware
- canonical/huawei mate 9 pro