CVE-2017-8140: Double Free
First published: Wed Nov 22 2017(Updated: )
The soundtrigger driver in P9 Plus smart phones with software versions earlier than VIE-AL10BC00B353 has a memory double free vulnerability. An attacker tricks a user into installing a malicious application, and the application can start multiple threads and try to free specific memory, which could triggers double free and causes a system crash or arbitrary code execution.
Credit: psirt@huawei.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Huawei P9 Plus Firmware | <vie-al10bc00b353 | |
| Huawei P9 Plus |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2017-8140.
What is the title of this vulnerability?
The title of this vulnerability is 'The soundtrigger driver in P9 Plus smart phones with software versions earlier than VIE-AL10BC00B353'.
What is the severity of CVE-2017-8140?
The severity of CVE-2017-8140 is critical with a score of 7.8.
How does this vulnerability affect Huawei P9 Plus smart phones?
This vulnerability affects Huawei P9 Plus smart phones with software versions earlier than VIE-AL10BC00B353.
How can I fix this vulnerability?
To fix this vulnerability, update your Huawei P9 Plus smart phone to software version VIE-AL10BC00B353 or later.
- collector/nvd-index
- agent/references
- agent/severity
- agent/author
- agent/weakness
- agent/tags
- agent/type
- agent/event
- agent/description
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- collector/mitre-cve
- source/MITRE
- vendor/huawei
- canonical/huawei p9 plus firmware
- canonical/huawei p9 plus