CVE-2017-8141: Double Free
First published: Wed Nov 22 2017(Updated: )
The Touch Panel (TP) driver in P10 Plus smart phones with software versions earlier than VKY-AL00C00B153 has a memory double free vulnerability. An attacker with the root privilege of the Android system tricks a user into installing a malicious application, and the application can start multiple threads and try to free specific memory, which could triggers double free and causes a system crash or arbitrary code execution.
Credit: psirt@huawei.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Huawei P10 Plus Firmware | <vky-al00c00b153 | |
| Huawei P10 Plus |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2017-8141.
What is the severity of CVE-2017-8141?
The severity of CVE-2017-8141 is critical with a severity value of 7.8.
What is the description of CVE-2017-8141?
CVE-2017-8141 is a memory double free vulnerability in the Touch Panel (TP) driver in P10 Plus smart phones with software versions earlier than VKY-AL00C00B153.
Which software versions of P10 Plus smart phones are affected by CVE-2017-8141?
P10 Plus smart phones with software versions earlier than VKY-AL00C00B153 are affected by CVE-2017-8141.
How can an attacker exploit CVE-2017-8141?
An attacker with root privilege of the Android system can trick a user into installing a malicious application, which can start multiple threads to exploit the vulnerability.
- collector/nvd-index
- agent/weakness
- agent/references
- agent/severity
- agent/author
- agent/type
- agent/description
- agent/event
- agent/softwarecombine
- agent/last-modified-date
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/huawei
- canonical/huawei p10 plus firmware
- canonical/huawei p10 plus