What is CVE-2017-17320?

CVE-2017-17320 is a vulnerability in Huawei Mate 9 Pro smartphones with certain software versions, which allows an attacker to perform a memory double free attack by tricking the user with root privilege to install malicious software.

What is the severity of CVE-2017-17320?

CVE-2017-17320 has a severity rating of 7.8 (Critical).

Which Huawei Mate 9 Pro software versions are affected by CVE-2017-17320?

Huawei Mate 9 Pro software versions LON-AL00BC00B139D, LON-AL00BC00B229, and LON-L29DC721B188 are affected by CVE-2017-17320.

How can an attacker exploit CVE-2017-17320?

An attacker can exploit CVE-2017-17320 by tricking a user with root privilege to install a malicious software, which can then perform a memory double free attack.

How to fix CVE-2017-17320?

To fix CVE-2017-17320, users are advised to update their Huawei Mate 9 Pro software to a version that is not affected by the vulnerability. Please refer to the official Huawei security advisory for more information.

Vulnerability/
CVE-2017-17320

critical

9.3

CWE

415

20/3/2018

13/4/2018

CVE-2017-17320: Double Free

First published: Tue Mar 20 2018(Updated: )

Huawei Mate 9 Pro smartphones with software of LON-AL00BC00B139D, LON-AL00BC00B229, LON-L29DC721B188 have a memory double free vulnerability. The system does not manage the memory properly, that frees on the same memory address twice. An attacker tricks the user who has root privilege to install a crafted application, successful exploit could result in malicious code execution.

Credit: psirt@huawei.com

Affected Software	Affected Version	How to fix
Huawei Mate 9 Pro Firmware	=lon-al00bc00b139d
Huawei Mate 9 Pro Firmware	=lon-al00bc00b229
Huawei Mate 9 Pro Firmware	=lon-l29dc721b188
Huawei Mate 9 Pro

Never miss a vulnerability like this again

Reference Links

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180314-02-smartphone-en

Frequently Asked Questions

What is CVE-2017-17320?
CVE-2017-17320 is a vulnerability in Huawei Mate 9 Pro smartphones with certain software versions, which allows an attacker to perform a memory double free attack by tricking the user with root privilege to install malicious software.
What is the severity of CVE-2017-17320?
CVE-2017-17320 has a severity rating of 7.8 (Critical).
Which Huawei Mate 9 Pro software versions are affected by CVE-2017-17320?
Huawei Mate 9 Pro software versions LON-AL00BC00B139D, LON-AL00BC00B229, and LON-L29DC721B188 are affected by CVE-2017-17320.
How can an attacker exploit CVE-2017-17320?
An attacker can exploit CVE-2017-17320 by tricking a user with root privilege to install a malicious software, which can then perform a memory double free attack.
How to fix CVE-2017-17320?
To fix CVE-2017-17320, users are advised to update their Huawei Mate 9 Pro software to a version that is not affected by the vulnerability. Please refer to the official Huawei security advisory for more information.

collector/nvd-index
vendor/huawei
canonical/huawei mate 9 pro firmware
version/huawei mate 9 pro firmware/lon-al00bc00b139d
version/huawei mate 9 pro firmware/lon-al00bc00b229
version/huawei mate 9 pro firmware/lon-l29dc721b188
canonical/huawei mate 9 pro

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.