CVE-2018-7899: Double Free
First published: Thu Apr 19 2018(Updated: )
The Mali Driver of Huawei Berkeley-AL20 and Berkeley-BD smart phones with software Berkeley-AL20 8.0.0.105(C00), 8.0.0.111(C00), 8.0.0.112D(C00), 8.0.0.116(C00), 8.0.0.119(C00), 8.0.0.119D(C00), 8.0.0.122(C00), 8.0.0.132(C00), 8.0.0.132D(C00), 8.0.0.142(C00), 8.0.0.151(C00), Berkeley-BD 1.0.0.21, 1.0.0.22, 1.0.0.23, 1.0.0.24, 1.0.0.26, 1.0.0.29 has a double free vulnerability. An attacker can trick a user to install a malicious application and exploit this vulnerability when in the exception handling process. Successful exploitation may cause system reboot.
Credit: psirt@huawei.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Huawei Berkeley-al20 Firmware | =8.0.0.105\(c00\) | |
| Huawei Berkeley-al20 Firmware | =8.0.0.111\(c00\) | |
| Huawei Berkeley-al20 Firmware | =8.0.0.112d\(c00\) | |
| Huawei Berkeley-al20 Firmware | =8.0.0.116\(c00\) | |
| Huawei Berkeley-al20 Firmware | =8.0.0.119\(c00\) | |
| Huawei Berkeley-al20 Firmware | =8.0.0.119d\(c00\) | |
| Huawei Berkeley-al20 Firmware | =8.0.0.122\(c00\) | |
| Huawei Berkeley-al20 Firmware | =8.0.0.132\(c00\) | |
| Huawei Berkeley-al20 Firmware | =8.0.0.132d\(c00\) | |
| Huawei Berkeley-al20 Firmware | =8.0.0.142\(c00\) | |
| Huawei Berkeley-al20 Firmware | =8.0.0.151\(c00\) | |
| Huawei Berkeley-AL20 | ||
| Huawei Berkeley-bd Firmware | =1.0.0.21 | |
| Huawei Berkeley-bd Firmware | =1.0.0.22 | |
| Huawei Berkeley-bd Firmware | =1.0.0.23 | |
| Huawei Berkeley-bd Firmware | =1.0.0.24 | |
| Huawei Berkeley-bd Firmware | =1.0.0.26 | |
| Huawei Berkeley-bd Firmware | =1.0.0.29 | |
| Huawei Berkeley-bd |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID of this issue?
The vulnerability ID is CVE-2018-7899.
What is the severity of CVE-2018-7899?
The severity of CVE-2018-7899 is high with a severity value of 5.5.
Which software versions are affected by CVE-2018-7899?
The following software versions are affected: Berkeley-AL20 8.0.0.105(C00), 8.0.0.111(C00), 8.0.0.112D(C00), 8.0.0.116(C00), 8.0.0.119(C00), 8.0.0.119D(C00), 8.0.0.122(C00), 8.0.0.132(C00), 8.0.0.132D(C00), 8.0.0.142(C00), 8.0.0.151(C00), Berkeley-BD 1.0.0.21, 1.0.0.22, 1.0.0.23, 1.0.0.24, 1.0.0.26, and 1.0.0.29.
What is the CWE of CVE-2018-7899?
The CWE of CVE-2018-7899 is 415.
Where can I find more information about this vulnerability?
You can find more information about this vulnerability on Huawei's security advisory page: http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180418-01-smartphone
- collector/nvd-index
- agent/severity
- agent/references
- agent/author
- agent/weakness
- agent/type
- agent/description
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/huawei
- canonical/huawei berkeley-al20 firmware
- version/huawei berkeley-al20 firmware/8.0.0.105\(c00\)
- version/huawei berkeley-al20 firmware/8.0.0.111\(c00\)
- version/huawei berkeley-al20 firmware/8.0.0.112d\(c00\)
- version/huawei berkeley-al20 firmware/8.0.0.116\(c00\)
- version/huawei berkeley-al20 firmware/8.0.0.119\(c00\)
- version/huawei berkeley-al20 firmware/8.0.0.119d\(c00\)
- version/huawei berkeley-al20 firmware/8.0.0.122\(c00\)
- version/huawei berkeley-al20 firmware/8.0.0.132\(c00\)
- version/huawei berkeley-al20 firmware/8.0.0.132d\(c00\)
- version/huawei berkeley-al20 firmware/8.0.0.142\(c00\)
- version/huawei berkeley-al20 firmware/8.0.0.151\(c00\)
- canonical/huawei berkeley-al20
- canonical/huawei berkeley-bd firmware
- version/huawei berkeley-bd firmware/1.0.0.21
- version/huawei berkeley-bd firmware/1.0.0.22
- version/huawei berkeley-bd firmware/1.0.0.23
- version/huawei berkeley-bd firmware/1.0.0.24
- version/huawei berkeley-bd firmware/1.0.0.26
- version/huawei berkeley-bd firmware/1.0.0.29
- canonical/huawei berkeley-bd