CVE-2017-17173

{"id": "CVE-2017-17173", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2018-06-14T14:29:00.277", "references": [{"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180613-02-smartphone-en", "tags": ["Vendor Advisory"], "source": "psirt@huawei.com"}, {"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180613-02-smartphone-en", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "Due to insufficient parameters verification GPU driver of Mate 9 Pro Huawei smart phones with the versions before LON-AL00B 8.0.0.356(C00) has an arbitrary memory free vulnerability. An attacker can tricks a user into installing a malicious application on the smart phone, and send given parameter to driver to release special kernel memory resource. Successful exploit may result in phone crash or arbitrary code execution."}, {"lang": "es", "value": "Debido a la insuficiente verificaci\u00f3n de par\u00e1metros, el controlador de la GPU de los smartphones Mate 9 Pro de Huawei en versiones anteriores a la LON-AL00B 8.0.0.356(C00) tiene una vulnerabilidad de liberaci\u00f3n de memoria arbitraria. Un atacante puede enga\u00f1ar a un usuario para que instale una aplicaci\u00f3n maliciosa en el smartphone y enviar un par\u00e1metro dado al controlador para que libere recursos especiales de la memoria del kernel. La explotaci\u00f3n con \u00e9xito de esta vulnerabilidad podr\u00eda desembocar en el cierre inesperado del tel\u00e9fono o en la ejecuci\u00f3n arbitraria de c\u00f3digo."}], "lastModified": "2024-11-21T03:17:38.750", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:mate_9_pro_fimware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B9326923-3A08-4AA1-8C6C-FDB51DB96CA2", "versionEndExcluding": "lon-al00b_8.0.0.356\\(c00\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:mate_9_pro:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E4CC4AF8-2F6D-41FC-9697-17472AF32FC6"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@huawei.com"}