Vulnerability Details CVE-2017-8141
The Touch Panel (TP) driver in P10 Plus smart phones with software versions earlier than VKY-AL00C00B153 has a memory double free vulnerability. An attacker with the root privilege of the Android system tricks a user into installing a malicious application, and the application can start multiple threads and try to free specific memory, which could triggers double free and causes a system crash or arbitrary code execution.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 31.4%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 9.3
References
Products affected by CVE-2017-8141
-
cpe:2.3:h:huawei:p10_plus:-
-
cpe:2.3:o:huawei:p10_plus_firmware:-
-
cpe:2.3:o:huawei:p10_plus_firmware:8.0.0.357(c00)
-
cpe:2.3:o:huawei:p10_plus_firmware:9.1.0.201(c01e75r1p12t8)
-
cpe:2.3:o:huawei:p10_plus_firmware:9.1.0.252(c185e2r1p9t8)
-
cpe:2.3:o:huawei:p10_plus_firmware:9.1.0.252(c432e4r1p9t8)
-
cpe:2.3:o:huawei:p10_plus_firmware:9.1.0.255(c576e6r1p8t8)
-
cpe:2.3:o:huawei:p10_plus_firmware:vicky-al00ac00b172
-
cpe:2.3:o:huawei:p10_plus_firmware:vicky-al00ac00b172d
-
cpe:2.3:o:huawei:p10_plus_firmware:vicky-l29ac605b162
-
cpe:2.3:o:huawei:p10_plus_firmware:vky-al00c00b123