Vulnerability Details CVE-2017-8142
The Trusted Execution Environment (TEE) module driver of Mate 9 and Mate 9 Pro smart phones with software versions earlier than MHA-AL00BC00B221 and versions earlier than LON-AL00BC00B221 has a use after free (UAF) vulnerability. An attacker tricks a user into installing a malicious application, and the application can start multiple threads and try to create and free specific memory, which could triggers access memory after free it and causes a system crash or arbitrary code execution.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 42.7%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 9.3
References
Products affected by CVE-2017-8142
-
cpe:2.3:h:huawei:mate_9:-
-
cpe:2.3:h:huawei:mate_9_pro:-
-
cpe:2.3:o:huawei:mate_9_firmware:-
-
cpe:2.3:o:huawei:mate_9_firmware:8.0.0.129(sp2c00)
-
cpe:2.3:o:huawei:mate_9_firmware:8.0.0.356(c00)
-
cpe:2.3:o:huawei:mate_9_firmware:9.0.1.158(c432e6r1p8t8)
-
cpe:2.3:o:huawei:mate_9_firmware:9.0.1.159(c636e6r1p8t8)
-
cpe:2.3:o:huawei:mate_9_firmware:mha-al00ac00b125
-
cpe:2.3:o:huawei:mate_9_firmware:mha-al00b_8.0.0.334(c00)
-
cpe:2.3:o:huawei:mate_9_firmware:mha-al00bc00b156
-
cpe:2.3:o:huawei:mate_9_firmware:mha-al00bc00b173
-
cpe:2.3:o:huawei:mate_9_pro_firmware:-
-
cpe:2.3:o:huawei:mate_9_pro_firmware:8.0.0.129(sp2c01)
-
cpe:2.3:o:huawei:mate_9_pro_firmware:8.0.0.343(c00)
-
cpe:2.3:o:huawei:mate_9_pro_firmware:8.0.0.356(c00)
-
cpe:2.3:o:huawei:mate_9_pro_firmware:8.0.0.360(c721)
-
cpe:2.3:o:huawei:mate_9_pro_firmware:8.0.0.363(c00)
-
cpe:2.3:o:huawei:mate_9_pro_firmware:lon-al00b9.0.1.150(c00e61r1p8t8)
-
cpe:2.3:o:huawei:mate_9_pro_firmware:lon-al00b_8.0.0.334(c00)
-
cpe:2.3:o:huawei:mate_9_pro_firmware:lon-al00b_8.0.0.343(c00)
-
cpe:2.3:o:huawei:mate_9_pro_firmware:lon-al00b_8.0.0.363(c00)
-
cpe:2.3:o:huawei:mate_9_pro_firmware:lon-al00bc00b139d
-
cpe:2.3:o:huawei:mate_9_pro_firmware:lon-al00bc00b156