Search criteria
18 vulnerabilities found for mate_10_firmware by huawei
CVE-2020-9119 (GCVE-0-2020-9119)
Vulnerability from nvd – Published: 2020-12-24 15:49 – Updated: 2024-08-04 10:19
VLAI?
Summary
There is a privilege escalation vulnerability on some Huawei smart phones due to design defects. The attacker needs to physically contact the mobile phone and obtain higher privileges, and execute relevant commands, resulting in the user's privilege promotion.
Severity ?
No CVSS data available.
CWE
- Privilege Escalation
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | HUAWEI Mate 10;HUAWEI Mate 30;HUAWEI Mate 30 Pro;HUAWEI P40;HUAWEI P40 Pro |
Affected:
Versions earlier than 10.0.0.189(C185E6R1P3)
Affected: Versions earlier than 10.1.0.156(C00E155R7P2) Affected: Versions earlier than 10.1.0.156(C00E156R7P2) Affected: Versions earlier than 10.1.0.150(SP1C00E150R4P1) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:19:19.817Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201202-01-smartphone-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HUAWEI Mate 10;HUAWEI Mate 30;HUAWEI Mate 30 Pro;HUAWEI P40;HUAWEI P40 Pro",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 10.0.0.189(C185E6R1P3)"
},
{
"status": "affected",
"version": "Versions earlier than 10.1.0.156(C00E155R7P2)"
},
{
"status": "affected",
"version": "Versions earlier than 10.1.0.156(C00E156R7P2)"
},
{
"status": "affected",
"version": "Versions earlier than 10.1.0.150(SP1C00E150R4P1)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There is a privilege escalation vulnerability on some Huawei smart phones due to design defects. The attacker needs to physically contact the mobile phone and obtain higher privileges, and execute relevant commands, resulting in the user\u0027s privilege promotion."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Privilege Escalation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-24T15:49:40",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201202-01-smartphone-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2020-9119",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HUAWEI Mate 10;HUAWEI Mate 30;HUAWEI Mate 30 Pro;HUAWEI P40;HUAWEI P40 Pro",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 10.0.0.189(C185E6R1P3)"
},
{
"version_value": "Versions earlier than 10.1.0.156(C00E155R7P2)"
},
{
"version_value": "Versions earlier than 10.1.0.156(C00E156R7P2)"
},
{
"version_value": "Versions earlier than 10.1.0.150(SP1C00E150R4P1)"
},
{
"version_value": "Versions earlier than 10.1.0.150(SP1C00E150R4P1)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is a privilege escalation vulnerability on some Huawei smart phones due to design defects. The attacker needs to physically contact the mobile phone and obtain higher privileges, and execute relevant commands, resulting in the user\u0027s privilege promotion."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Privilege Escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201202-01-smartphone-en",
"refsource": "MISC",
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201202-01-smartphone-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2020-9119",
"datePublished": "2020-12-24T15:49:40",
"dateReserved": "2020-02-18T00:00:00",
"dateUpdated": "2024-08-04T10:19:19.817Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-1809 (GCVE-0-2020-1809)
Vulnerability from nvd – Published: 2020-05-29 19:29 – Updated: 2024-08-04 06:46
VLAI?
Summary
HUAWEI Mate 10 smartphones with versions earlier than 10.0.0.143(C00E143R2P4) have an information disclosure vulnerability. The attacker could wake up voice assistant then do a series of crafted voice operation, successful exploit could allow the attacker read certain files without unlock the phone leading to information disclosure.
Severity ?
No CVSS data available.
CWE
- Information Disclosure
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| HUAWEI | HUAWEI Mate 10 |
Affected:
Versions earlier than 10.0.0.143(C00E143R2P4)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:46:30.900Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200527-01-smartphone-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HUAWEI Mate 10",
"vendor": "HUAWEI",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 10.0.0.143(C00E143R2P4)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "HUAWEI Mate 10 smartphones with versions earlier than 10.0.0.143(C00E143R2P4) have an information disclosure vulnerability. The attacker could wake up voice assistant then do a series of crafted voice operation, successful exploit could allow the attacker read certain files without unlock the phone leading to information disclosure."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-29T19:29:26",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200527-01-smartphone-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2020-1809",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HUAWEI Mate 10",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 10.0.0.143(C00E143R2P4)"
}
]
}
}
]
},
"vendor_name": "HUAWEI"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HUAWEI Mate 10 smartphones with versions earlier than 10.0.0.143(C00E143R2P4) have an information disclosure vulnerability. The attacker could wake up voice assistant then do a series of crafted voice operation, successful exploit could allow the attacker read certain files without unlock the phone leading to information disclosure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200527-01-smartphone-en",
"refsource": "CONFIRM",
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200527-01-smartphone-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2020-1809",
"datePublished": "2020-05-29T19:29:26",
"dateReserved": "2019-11-29T00:00:00",
"dateUpdated": "2024-08-04T06:46:30.900Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5264 (GCVE-0-2019-5264)
Vulnerability from nvd – Published: 2019-12-13 23:00 – Updated: 2024-08-04 19:47
VLAI?
Summary
There is an information disclosure vulnerability in certain Huawei smartphones (Mate 10;Mate 10 Pro;Honor V10;Changxiang 7S;P-smart;Changxiang 8 Plus;Y9 2018;Honor 9 Lite;Honor 9i;Mate 9). The software does not properly handle certain information of applications locked by applock in a rare condition. Successful exploit could cause information disclosure.
Severity ?
No CVSS data available.
CWE
- Information Disclosure
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Mate 10;Mate 10 Pro;Honor V10;Changxiang 7S;P-smart;Changxiang 8 Plus;Y9 2018;Honor 9 Lite;Honor 9i;Mate 9 |
Affected:
Versions earlier than 9.0.0.167(C00E85R2P20T8)
Affected: Versions earlier than 9.0.0.159(C432E4R1P9T8) Affected: Versions earlier than 9.0.0.177(C185E2R1P12T8) Affected: Versions earlier than 9.0.0.159(C636E2R1P12T8) Affected: Versions earlier than 9.0.0.167(C00E87R2P15T8) Affected: Versions earlier than 9.0.0.159(C185E2R1P13T8) Affected: Versions earlier than 9.0.0.161(C432E4R1P11T8) Affected: Versions earlier than 9.0.0.159(C636E2R1P13T8) Affected: Versions earlier than 9.0.0.156(C00E156R2P14T8) Affected: Versions earlier than 9.0.0.159(C636E3R1P12T8) Affected: Versions earlier than 9.1.0.107(C00E107R2P8T8) Affected: Versions earlier than 9.1.0.119(C636E5R1P1T8) Affected: Versions earlier than 9.1.0.130(C432E8R1P5T8) Affected: Versions earlier than 9.1.0.111(C00E111R1P6T8) Affected: Versions earlier than 9.1.0.115(C432E5R1P1T8) Affected: Versions earlier than 9.1.0.120(C636E5R1P1T8) Affected: Versions earlier than 9.1.0.113(C00E111R2P10T8) Affected: Versions earlier than 9.1.0.118(C636E4R1P1T8) Affected: Versions earlier than 9.1.0.118(C185E4R1P4T8) Affected: Versions earlier than 9.1.0.121(C432E4R1P3T8) Affected: Versions earlier than 9.1.0.112(C00E112R1P6T8) Affected: Versions earlier 9.1.0.106(SP53C636E2R1P4T8) Affected: Versions earlier than 9.0.1.158(C432E6R1P8T8) Affected: Versions earlier than 9.0.1.159(C636E6R1P8T8) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:47:56.839Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191211-01-smartphone-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Mate 10;Mate 10 Pro;Honor V10;Changxiang 7S;P-smart;Changxiang 8 Plus;Y9 2018;Honor 9 Lite;Honor 9i;Mate 9",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.0.0.167(C00E85R2P20T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.0.0.159(C432E4R1P9T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.0.0.177(C185E2R1P12T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.0.0.159(C636E2R1P12T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.0.0.167(C00E87R2P15T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.0.0.159(C185E2R1P13T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.0.0.161(C432E4R1P11T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.0.0.159(C636E2R1P13T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.0.0.156(C00E156R2P14T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.0.0.159(C636E3R1P12T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.107(C00E107R2P8T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.119(C636E5R1P1T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.130(C432E8R1P5T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.111(C00E111R1P6T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.115(C432E5R1P1T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.120(C636E5R1P1T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.113(C00E111R2P10T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.118(C636E4R1P1T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.118(C185E4R1P4T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.121(C432E4R1P3T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.112(C00E112R1P6T8)"
},
{
"status": "affected",
"version": "Versions earlier 9.1.0.106(SP53C636E2R1P4T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.0.1.158(C432E6R1P8T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.0.1.159(C636E6R1P8T8)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There is an information disclosure vulnerability in certain Huawei smartphones (Mate 10;Mate 10 Pro;Honor V10;Changxiang 7S;P-smart;Changxiang 8 Plus;Y9 2018;Honor 9 Lite;Honor 9i;Mate 9). The software does not properly handle certain information of applications locked by applock in a rare condition. Successful exploit could cause information disclosure."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-13T23:00:29",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191211-01-smartphone-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2019-5264",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Mate 10;Mate 10 Pro;Honor V10;Changxiang 7S;P-smart;Changxiang 8 Plus;Y9 2018;Honor 9 Lite;Honor 9i;Mate 9",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.0.0.167(C00E85R2P20T8)"
},
{
"version_value": "Versions earlier than 9.0.0.159(C432E4R1P9T8)"
},
{
"version_value": "Versions earlier than 9.0.0.177(C185E2R1P12T8)"
},
{
"version_value": "Versions earlier than 9.0.0.159(C636E2R1P12T8)"
},
{
"version_value": "Versions earlier than 9.0.0.167(C00E87R2P15T8)"
},
{
"version_value": "Versions earlier than 9.0.0.159(C185E2R1P13T8)"
},
{
"version_value": "Versions earlier than 9.0.0.161(C432E4R1P11T8)"
},
{
"version_value": "Versions earlier than 9.0.0.159(C636E2R1P13T8)"
},
{
"version_value": "Versions earlier than 9.0.0.156(C00E156R2P14T8)"
},
{
"version_value": "Versions earlier than 9.0.0.159(C432E4R1P9T8)"
},
{
"version_value": "Versions earlier than 9.0.0.159(C636E3R1P12T8)"
},
{
"version_value": "Versions earlier than 9.1.0.107(C00E107R2P8T8)"
},
{
"version_value": "Versions earlier than 9.1.0.119(C636E5R1P1T8)"
},
{
"version_value": "Versions earlier than 9.1.0.130(C432E8R1P5T8)"
},
{
"version_value": "Versions earlier than 9.1.0.111(C00E111R1P6T8)"
},
{
"version_value": "Versions earlier than 9.1.0.115(C432E5R1P1T8)"
},
{
"version_value": "Versions earlier than 9.1.0.120(C636E5R1P1T8)"
},
{
"version_value": "Versions earlier than 9.1.0.113(C00E111R2P10T8)"
},
{
"version_value": "Versions earlier than 9.1.0.118(C636E4R1P1T8)"
},
{
"version_value": "Versions earlier than 9.1.0.118(C185E4R1P4T8)"
},
{
"version_value": "Versions earlier than 9.1.0.121(C432E4R1P3T8)"
},
{
"version_value": "Versions earlier than 9.1.0.112(C00E112R1P6T8)"
},
{
"version_value": "Versions earlier 9.1.0.106(SP53C636E2R1P4T8)"
},
{
"version_value": "Versions earlier than 9.0.1.158(C432E6R1P8T8)"
},
{
"version_value": "Versions earlier than 9.0.1.159(C636E6R1P8T8)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is an information disclosure vulnerability in certain Huawei smartphones (Mate 10;Mate 10 Pro;Honor V10;Changxiang 7S;P-smart;Changxiang 8 Plus;Y9 2018;Honor 9 Lite;Honor 9i;Mate 9). The software does not properly handle certain information of applications locked by applock in a rare condition. Successful exploit could cause information disclosure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191211-01-smartphone-en",
"refsource": "MISC",
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191211-01-smartphone-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2019-5264",
"datePublished": "2019-12-13T23:00:29",
"dateReserved": "2019-01-04T00:00:00",
"dateUpdated": "2024-08-04T19:47:56.839Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5305 (GCVE-0-2019-5305)
Vulnerability from nvd – Published: 2019-06-06 14:35 – Updated: 2024-08-04 19:54
VLAI?
Summary
The image processing module of some Huawei Mate 10 smartphones versions before ALP-L29 9.0.0.159(C185) has a memory double free vulnerability. An attacker tricks a user into installing a malicious application, and the application can call special API, which could trigger double free and cause a system crash.
Severity ?
No CVSS data available.
CWE
- memory double free
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:54:53.241Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190128-01-ivp-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Mate 10",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "The versions before ALP-L29 9.0.0.159(C185)"
}
]
}
],
"datePublic": "2019-01-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The image processing module of some Huawei Mate 10 smartphones versions before ALP-L29 9.0.0.159(C185) has a memory double free vulnerability. An attacker tricks a user into installing a malicious application, and the application can call special API, which could trigger double free and cause a system crash."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "memory double free",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-06T14:35:18",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190128-01-ivp-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2019-5305",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Mate 10",
"version": {
"version_data": [
{
"version_value": "The versions before ALP-L29 9.0.0.159(C185)"
}
]
}
}
]
},
"vendor_name": "Huawei"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The image processing module of some Huawei Mate 10 smartphones versions before ALP-L29 9.0.0.159(C185) has a memory double free vulnerability. An attacker tricks a user into installing a malicious application, and the application can call special API, which could trigger double free and cause a system crash."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "memory double free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190128-01-ivp-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190128-01-ivp-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2019-5305",
"datePublished": "2019-06-06T14:35:18",
"dateReserved": "2019-01-04T00:00:00",
"dateUpdated": "2024-08-04T19:54:53.241Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5219 (GCVE-0-2019-5219)
Vulnerability from nvd – Published: 2019-06-06 14:41 – Updated: 2024-08-04 19:47
VLAI?
Summary
There is a double free vulnerability on certain drivers of Huawei Mate10 smartphones versions earlier than ALP-AL00B 9.0.0.181(C00E87R2P20T8). An attacker tricks the user into installing a malicious application, which makes multiple processes operate the same resource at the same time. Successful exploit could cause a denial of service condition.
Severity ?
No CVSS data available.
CWE
- double free
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:47:56.756Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190130-01-smartphone-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Mate10",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than ALP-AL00B 9.0.0.181(C00E87R2P20T8)"
}
]
}
],
"datePublic": "2019-01-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "There is a double free vulnerability on certain drivers of Huawei Mate10 smartphones versions earlier than ALP-AL00B 9.0.0.181(C00E87R2P20T8). An attacker tricks the user into installing a malicious application, which makes multiple processes operate the same resource at the same time. Successful exploit could cause a denial of service condition."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "double free",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-06T14:41:52",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190130-01-smartphone-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2019-5219",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Mate10",
"version": {
"version_data": [
{
"version_value": "Versions earlier than ALP-AL00B 9.0.0.181(C00E87R2P20T8)"
}
]
}
}
]
},
"vendor_name": "Huawei"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is a double free vulnerability on certain drivers of Huawei Mate10 smartphones versions earlier than ALP-AL00B 9.0.0.181(C00E87R2P20T8). An attacker tricks the user into installing a malicious application, which makes multiple processes operate the same resource at the same time. Successful exploit could cause a denial of service condition."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "double free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190130-01-smartphone-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190130-01-smartphone-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2019-5219",
"datePublished": "2019-06-06T14:41:52",
"dateReserved": "2019-01-04T00:00:00",
"dateUpdated": "2024-08-04T19:47:56.756Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5214 (GCVE-0-2019-5214)
Vulnerability from nvd – Published: 2019-06-06 14:18 – Updated: 2024-08-04 19:47
VLAI?
Summary
There is a use after free vulnerability on certain driver component in Huawei Mate10 smartphones versions earlier than ALP-AL00B 9.0.0.167(C00E85R2P20T8). An attacker tricks the user into installing a malicious application, which make the software to reference memory after it has been freed. Successful exploit could cause a denial of service condition.
Severity ?
No CVSS data available.
CWE
- Use After Free
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Huawei | Huawei Mate10 |
Affected:
Versions earlier than ALP-AL00B 9.0.0.167(C00E85R2P20T8)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:47:56.745Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190109-01-smartphone-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Huawei Mate10",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than ALP-AL00B 9.0.0.167(C00E85R2P20T8)"
}
]
}
],
"datePublic": "2019-01-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "There is a use after free vulnerability on certain driver component in Huawei Mate10 smartphones versions earlier than ALP-AL00B 9.0.0.167(C00E85R2P20T8). An attacker tricks the user into installing a malicious application, which make the software to reference memory after it has been freed. Successful exploit could cause a denial of service condition."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use After Free",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-06T14:18:43",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190109-01-smartphone-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2019-5214",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Huawei Mate10",
"version": {
"version_data": [
{
"version_value": "Versions earlier than ALP-AL00B 9.0.0.167(C00E85R2P20T8)"
}
]
}
}
]
},
"vendor_name": "Huawei"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is a use after free vulnerability on certain driver component in Huawei Mate10 smartphones versions earlier than ALP-AL00B 9.0.0.167(C00E85R2P20T8). An attacker tricks the user into installing a malicious application, which make the software to reference memory after it has been freed. Successful exploit could cause a denial of service condition."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use After Free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190109-01-smartphone-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190109-01-smartphone-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2019-5214",
"datePublished": "2019-06-06T14:18:43",
"dateReserved": "2019-01-04T00:00:00",
"dateUpdated": "2024-08-04T19:47:56.745Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-7993 (GCVE-0-2018-7993)
Vulnerability from nvd – Published: 2018-07-31 14:00 – Updated: 2024-08-05 06:37
VLAI?
Summary
HUAWEI Mate 10 smartphones with versions earlier than ALP-AL00 8.1.0.311 have a use after free vulnerability on mediaserver component. An attacker tricks the user install a malicious application, which make the software to reference memory after it has been freed. Successful exploit could cause execution of arbitrary code.
Severity ?
No CVSS data available.
CWE
- use after free
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Huawei Technologies Co., Ltd. | HUAWEI Mate 10 |
Affected:
Versions earlier than ALP-AL00 8.1.0.311
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:37:59.689Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180711-01-smartphone-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HUAWEI Mate 10",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "Versions earlier than ALP-AL00 8.1.0.311"
}
]
}
],
"datePublic": "2018-07-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "HUAWEI Mate 10 smartphones with versions earlier than ALP-AL00 8.1.0.311 have a use after free vulnerability on mediaserver component. An attacker tricks the user install a malicious application, which make the software to reference memory after it has been freed. Successful exploit could cause execution of arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "use after free",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-31T13:57:01",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180711-01-smartphone-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2018-7993",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HUAWEI Mate 10",
"version": {
"version_data": [
{
"version_value": "Versions earlier than ALP-AL00 8.1.0.311"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HUAWEI Mate 10 smartphones with versions earlier than ALP-AL00 8.1.0.311 have a use after free vulnerability on mediaserver component. An attacker tricks the user install a malicious application, which make the software to reference memory after it has been freed. Successful exploit could cause execution of arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "use after free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180711-01-smartphone-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180711-01-smartphone-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2018-7993",
"datePublished": "2018-07-31T14:00:00",
"dateReserved": "2018-03-09T00:00:00",
"dateUpdated": "2024-08-05T06:37:59.689Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-17227 (GCVE-0-2017-17227)
Vulnerability from nvd – Published: 2018-03-09 17:00 – Updated: 2024-08-05 20:43
VLAI?
Summary
GPU driver in Huawei Mate 10 smart phones with the versions before ALP-L09 8.0.0.120(C212); The versions before ALP-L09 8.0.0.127(C900); The versions before ALP-L09 8.0.0.128(402/C02/C109/C346/C432/C652) has a out-of-bounds memory access vulnerability due to the input parameters validation. An attacker tricks a user into installing a malicious application on the smart phone, and the application can call the driver with special parameter and cause accessing out-of-bounds memory. Successful exploit may result in phone crash or arbitrary code execution.
Severity ?
No CVSS data available.
CWE
- input parameters validation
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Huawei Technologies Co., Ltd. | Mate 10 |
Affected:
The versions before ALP-L09 8.0.0.120(C212)
Affected: The versions before ALP-L09 8.0.0.127(C900) Affected: The versions before ALP-L09 8.0.0.128(402/C02/C109/C346/C432/C652) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:43:59.868Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180207-01-smartphone-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Mate 10",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "The versions before ALP-L09 8.0.0.120(C212)"
},
{
"status": "affected",
"version": "The versions before ALP-L09 8.0.0.127(C900)"
},
{
"status": "affected",
"version": "The versions before ALP-L09 8.0.0.128(402/C02/C109/C346/C432/C652)"
}
]
}
],
"datePublic": "2018-02-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "GPU driver in Huawei Mate 10 smart phones with the versions before ALP-L09 8.0.0.120(C212); The versions before ALP-L09 8.0.0.127(C900); The versions before ALP-L09 8.0.0.128(402/C02/C109/C346/C432/C652) has a out-of-bounds memory access vulnerability due to the input parameters validation. An attacker tricks a user into installing a malicious application on the smart phone, and the application can call the driver with special parameter and cause accessing out-of-bounds memory. Successful exploit may result in phone crash or arbitrary code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "input parameters validation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-09T16:57:01",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180207-01-smartphone-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2017-17227",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Mate 10",
"version": {
"version_data": [
{
"version_value": "The versions before ALP-L09 8.0.0.120(C212)"
},
{
"version_value": "The versions before ALP-L09 8.0.0.127(C900)"
},
{
"version_value": "The versions before ALP-L09 8.0.0.128(402/C02/C109/C346/C432/C652)"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GPU driver in Huawei Mate 10 smart phones with the versions before ALP-L09 8.0.0.120(C212); The versions before ALP-L09 8.0.0.127(C900); The versions before ALP-L09 8.0.0.128(402/C02/C109/C346/C432/C652) has a out-of-bounds memory access vulnerability due to the input parameters validation. An attacker tricks a user into installing a malicious application on the smart phone, and the application can call the driver with special parameter and cause accessing out-of-bounds memory. Successful exploit may result in phone crash or arbitrary code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "input parameters validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180207-01-smartphone-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180207-01-smartphone-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2017-17227",
"datePublished": "2018-03-09T17:00:00",
"dateReserved": "2017-12-04T00:00:00",
"dateUpdated": "2024-08-05T20:43:59.868Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-15311 (GCVE-0-2017-15311)
Vulnerability from nvd – Published: 2017-12-22 17:00 – Updated: 2024-09-17 04:29
VLAI?
Summary
The baseband modules of Mate 10, Mate 10 Pro, Mate 9, Mate 9 Pro Huawei smart phones with software before ALP-AL00 8.0.0.120(SP2C00), before BLA-AL00 8.0.0.120(SP2C00), before MHA-AL00B 8.0.0.334(C00), and before LON-AL00B 8.0.0.334(C00) have a stack overflow vulnerability due to the lack of parameter validation. An attacker could send malicious packets to the smart phones within radio range by special wireless device, which leads stack overflow when the baseband module handles these packets. The attacker could exploit this vulnerability to perform a denial of service attack or remote code execution in baseband module.
Severity ?
No CVSS data available.
CWE
- Stack Overflow
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Huawei Technologies Co., Ltd. | Mate 10 |
Affected:
before ALP-AL00 8.0.0.120(SP2C00)
|
|||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:50:16.503Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171125-01-baseband-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Mate 10",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "before ALP-AL00 8.0.0.120(SP2C00)"
}
]
},
{
"product": "Mate 10 Pro",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "before BLA-AL00 8.0.0.120(SP2C00)"
}
]
},
{
"product": "Mate 9",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "before MHA-AL00B 8.0.0.334(C00)"
}
]
},
{
"product": "Mate 9 Pro",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "before LON-AL00B 8.0.0.334(C00),"
}
]
}
],
"datePublic": "2017-11-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The baseband modules of Mate 10, Mate 10 Pro, Mate 9, Mate 9 Pro Huawei smart phones with software before ALP-AL00 8.0.0.120(SP2C00), before BLA-AL00 8.0.0.120(SP2C00), before MHA-AL00B 8.0.0.334(C00), and before LON-AL00B 8.0.0.334(C00) have a stack overflow vulnerability due to the lack of parameter validation. An attacker could send malicious packets to the smart phones within radio range by special wireless device, which leads stack overflow when the baseband module handles these packets. The attacker could exploit this vulnerability to perform a denial of service attack or remote code execution in baseband module."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Stack Overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-22T16:57:01",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171125-01-baseband-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"DATE_PUBLIC": "2017-11-25T00:00:00",
"ID": "CVE-2017-15311",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Mate 10",
"version": {
"version_data": [
{
"version_value": "before ALP-AL00 8.0.0.120(SP2C00)"
}
]
}
},
{
"product_name": "Mate 10 Pro",
"version": {
"version_data": [
{
"version_value": "before BLA-AL00 8.0.0.120(SP2C00)"
}
]
}
},
{
"product_name": "Mate 9",
"version": {
"version_data": [
{
"version_value": "before MHA-AL00B 8.0.0.334(C00)"
}
]
}
},
{
"product_name": "Mate 9 Pro",
"version": {
"version_data": [
{
"version_value": "before LON-AL00B 8.0.0.334(C00),"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The baseband modules of Mate 10, Mate 10 Pro, Mate 9, Mate 9 Pro Huawei smart phones with software before ALP-AL00 8.0.0.120(SP2C00), before BLA-AL00 8.0.0.120(SP2C00), before MHA-AL00B 8.0.0.334(C00), and before LON-AL00B 8.0.0.334(C00) have a stack overflow vulnerability due to the lack of parameter validation. An attacker could send malicious packets to the smart phones within radio range by special wireless device, which leads stack overflow when the baseband module handles these packets. The attacker could exploit this vulnerability to perform a denial of service attack or remote code execution in baseband module."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Stack Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171125-01-baseband-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171125-01-baseband-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2017-15311",
"datePublished": "2017-12-22T17:00:00Z",
"dateReserved": "2017-10-14T00:00:00",
"dateUpdated": "2024-09-17T04:29:33.735Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9119 (GCVE-0-2020-9119)
Vulnerability from cvelistv5 – Published: 2020-12-24 15:49 – Updated: 2024-08-04 10:19
VLAI?
Summary
There is a privilege escalation vulnerability on some Huawei smart phones due to design defects. The attacker needs to physically contact the mobile phone and obtain higher privileges, and execute relevant commands, resulting in the user's privilege promotion.
Severity ?
No CVSS data available.
CWE
- Privilege Escalation
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | HUAWEI Mate 10;HUAWEI Mate 30;HUAWEI Mate 30 Pro;HUAWEI P40;HUAWEI P40 Pro |
Affected:
Versions earlier than 10.0.0.189(C185E6R1P3)
Affected: Versions earlier than 10.1.0.156(C00E155R7P2) Affected: Versions earlier than 10.1.0.156(C00E156R7P2) Affected: Versions earlier than 10.1.0.150(SP1C00E150R4P1) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:19:19.817Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201202-01-smartphone-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HUAWEI Mate 10;HUAWEI Mate 30;HUAWEI Mate 30 Pro;HUAWEI P40;HUAWEI P40 Pro",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 10.0.0.189(C185E6R1P3)"
},
{
"status": "affected",
"version": "Versions earlier than 10.1.0.156(C00E155R7P2)"
},
{
"status": "affected",
"version": "Versions earlier than 10.1.0.156(C00E156R7P2)"
},
{
"status": "affected",
"version": "Versions earlier than 10.1.0.150(SP1C00E150R4P1)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There is a privilege escalation vulnerability on some Huawei smart phones due to design defects. The attacker needs to physically contact the mobile phone and obtain higher privileges, and execute relevant commands, resulting in the user\u0027s privilege promotion."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Privilege Escalation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-24T15:49:40",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201202-01-smartphone-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2020-9119",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HUAWEI Mate 10;HUAWEI Mate 30;HUAWEI Mate 30 Pro;HUAWEI P40;HUAWEI P40 Pro",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 10.0.0.189(C185E6R1P3)"
},
{
"version_value": "Versions earlier than 10.1.0.156(C00E155R7P2)"
},
{
"version_value": "Versions earlier than 10.1.0.156(C00E156R7P2)"
},
{
"version_value": "Versions earlier than 10.1.0.150(SP1C00E150R4P1)"
},
{
"version_value": "Versions earlier than 10.1.0.150(SP1C00E150R4P1)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is a privilege escalation vulnerability on some Huawei smart phones due to design defects. The attacker needs to physically contact the mobile phone and obtain higher privileges, and execute relevant commands, resulting in the user\u0027s privilege promotion."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Privilege Escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201202-01-smartphone-en",
"refsource": "MISC",
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201202-01-smartphone-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2020-9119",
"datePublished": "2020-12-24T15:49:40",
"dateReserved": "2020-02-18T00:00:00",
"dateUpdated": "2024-08-04T10:19:19.817Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-1809 (GCVE-0-2020-1809)
Vulnerability from cvelistv5 – Published: 2020-05-29 19:29 – Updated: 2024-08-04 06:46
VLAI?
Summary
HUAWEI Mate 10 smartphones with versions earlier than 10.0.0.143(C00E143R2P4) have an information disclosure vulnerability. The attacker could wake up voice assistant then do a series of crafted voice operation, successful exploit could allow the attacker read certain files without unlock the phone leading to information disclosure.
Severity ?
No CVSS data available.
CWE
- Information Disclosure
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| HUAWEI | HUAWEI Mate 10 |
Affected:
Versions earlier than 10.0.0.143(C00E143R2P4)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:46:30.900Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200527-01-smartphone-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HUAWEI Mate 10",
"vendor": "HUAWEI",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 10.0.0.143(C00E143R2P4)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "HUAWEI Mate 10 smartphones with versions earlier than 10.0.0.143(C00E143R2P4) have an information disclosure vulnerability. The attacker could wake up voice assistant then do a series of crafted voice operation, successful exploit could allow the attacker read certain files without unlock the phone leading to information disclosure."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-29T19:29:26",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200527-01-smartphone-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2020-1809",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HUAWEI Mate 10",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 10.0.0.143(C00E143R2P4)"
}
]
}
}
]
},
"vendor_name": "HUAWEI"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HUAWEI Mate 10 smartphones with versions earlier than 10.0.0.143(C00E143R2P4) have an information disclosure vulnerability. The attacker could wake up voice assistant then do a series of crafted voice operation, successful exploit could allow the attacker read certain files without unlock the phone leading to information disclosure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200527-01-smartphone-en",
"refsource": "CONFIRM",
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200527-01-smartphone-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2020-1809",
"datePublished": "2020-05-29T19:29:26",
"dateReserved": "2019-11-29T00:00:00",
"dateUpdated": "2024-08-04T06:46:30.900Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5264 (GCVE-0-2019-5264)
Vulnerability from cvelistv5 – Published: 2019-12-13 23:00 – Updated: 2024-08-04 19:47
VLAI?
Summary
There is an information disclosure vulnerability in certain Huawei smartphones (Mate 10;Mate 10 Pro;Honor V10;Changxiang 7S;P-smart;Changxiang 8 Plus;Y9 2018;Honor 9 Lite;Honor 9i;Mate 9). The software does not properly handle certain information of applications locked by applock in a rare condition. Successful exploit could cause information disclosure.
Severity ?
No CVSS data available.
CWE
- Information Disclosure
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Mate 10;Mate 10 Pro;Honor V10;Changxiang 7S;P-smart;Changxiang 8 Plus;Y9 2018;Honor 9 Lite;Honor 9i;Mate 9 |
Affected:
Versions earlier than 9.0.0.167(C00E85R2P20T8)
Affected: Versions earlier than 9.0.0.159(C432E4R1P9T8) Affected: Versions earlier than 9.0.0.177(C185E2R1P12T8) Affected: Versions earlier than 9.0.0.159(C636E2R1P12T8) Affected: Versions earlier than 9.0.0.167(C00E87R2P15T8) Affected: Versions earlier than 9.0.0.159(C185E2R1P13T8) Affected: Versions earlier than 9.0.0.161(C432E4R1P11T8) Affected: Versions earlier than 9.0.0.159(C636E2R1P13T8) Affected: Versions earlier than 9.0.0.156(C00E156R2P14T8) Affected: Versions earlier than 9.0.0.159(C636E3R1P12T8) Affected: Versions earlier than 9.1.0.107(C00E107R2P8T8) Affected: Versions earlier than 9.1.0.119(C636E5R1P1T8) Affected: Versions earlier than 9.1.0.130(C432E8R1P5T8) Affected: Versions earlier than 9.1.0.111(C00E111R1P6T8) Affected: Versions earlier than 9.1.0.115(C432E5R1P1T8) Affected: Versions earlier than 9.1.0.120(C636E5R1P1T8) Affected: Versions earlier than 9.1.0.113(C00E111R2P10T8) Affected: Versions earlier than 9.1.0.118(C636E4R1P1T8) Affected: Versions earlier than 9.1.0.118(C185E4R1P4T8) Affected: Versions earlier than 9.1.0.121(C432E4R1P3T8) Affected: Versions earlier than 9.1.0.112(C00E112R1P6T8) Affected: Versions earlier 9.1.0.106(SP53C636E2R1P4T8) Affected: Versions earlier than 9.0.1.158(C432E6R1P8T8) Affected: Versions earlier than 9.0.1.159(C636E6R1P8T8) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:47:56.839Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191211-01-smartphone-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Mate 10;Mate 10 Pro;Honor V10;Changxiang 7S;P-smart;Changxiang 8 Plus;Y9 2018;Honor 9 Lite;Honor 9i;Mate 9",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.0.0.167(C00E85R2P20T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.0.0.159(C432E4R1P9T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.0.0.177(C185E2R1P12T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.0.0.159(C636E2R1P12T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.0.0.167(C00E87R2P15T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.0.0.159(C185E2R1P13T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.0.0.161(C432E4R1P11T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.0.0.159(C636E2R1P13T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.0.0.156(C00E156R2P14T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.0.0.159(C636E3R1P12T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.107(C00E107R2P8T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.119(C636E5R1P1T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.130(C432E8R1P5T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.111(C00E111R1P6T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.115(C432E5R1P1T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.120(C636E5R1P1T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.113(C00E111R2P10T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.118(C636E4R1P1T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.118(C185E4R1P4T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.121(C432E4R1P3T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.112(C00E112R1P6T8)"
},
{
"status": "affected",
"version": "Versions earlier 9.1.0.106(SP53C636E2R1P4T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.0.1.158(C432E6R1P8T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.0.1.159(C636E6R1P8T8)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There is an information disclosure vulnerability in certain Huawei smartphones (Mate 10;Mate 10 Pro;Honor V10;Changxiang 7S;P-smart;Changxiang 8 Plus;Y9 2018;Honor 9 Lite;Honor 9i;Mate 9). The software does not properly handle certain information of applications locked by applock in a rare condition. Successful exploit could cause information disclosure."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-13T23:00:29",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191211-01-smartphone-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2019-5264",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Mate 10;Mate 10 Pro;Honor V10;Changxiang 7S;P-smart;Changxiang 8 Plus;Y9 2018;Honor 9 Lite;Honor 9i;Mate 9",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.0.0.167(C00E85R2P20T8)"
},
{
"version_value": "Versions earlier than 9.0.0.159(C432E4R1P9T8)"
},
{
"version_value": "Versions earlier than 9.0.0.177(C185E2R1P12T8)"
},
{
"version_value": "Versions earlier than 9.0.0.159(C636E2R1P12T8)"
},
{
"version_value": "Versions earlier than 9.0.0.167(C00E87R2P15T8)"
},
{
"version_value": "Versions earlier than 9.0.0.159(C185E2R1P13T8)"
},
{
"version_value": "Versions earlier than 9.0.0.161(C432E4R1P11T8)"
},
{
"version_value": "Versions earlier than 9.0.0.159(C636E2R1P13T8)"
},
{
"version_value": "Versions earlier than 9.0.0.156(C00E156R2P14T8)"
},
{
"version_value": "Versions earlier than 9.0.0.159(C432E4R1P9T8)"
},
{
"version_value": "Versions earlier than 9.0.0.159(C636E3R1P12T8)"
},
{
"version_value": "Versions earlier than 9.1.0.107(C00E107R2P8T8)"
},
{
"version_value": "Versions earlier than 9.1.0.119(C636E5R1P1T8)"
},
{
"version_value": "Versions earlier than 9.1.0.130(C432E8R1P5T8)"
},
{
"version_value": "Versions earlier than 9.1.0.111(C00E111R1P6T8)"
},
{
"version_value": "Versions earlier than 9.1.0.115(C432E5R1P1T8)"
},
{
"version_value": "Versions earlier than 9.1.0.120(C636E5R1P1T8)"
},
{
"version_value": "Versions earlier than 9.1.0.113(C00E111R2P10T8)"
},
{
"version_value": "Versions earlier than 9.1.0.118(C636E4R1P1T8)"
},
{
"version_value": "Versions earlier than 9.1.0.118(C185E4R1P4T8)"
},
{
"version_value": "Versions earlier than 9.1.0.121(C432E4R1P3T8)"
},
{
"version_value": "Versions earlier than 9.1.0.112(C00E112R1P6T8)"
},
{
"version_value": "Versions earlier 9.1.0.106(SP53C636E2R1P4T8)"
},
{
"version_value": "Versions earlier than 9.0.1.158(C432E6R1P8T8)"
},
{
"version_value": "Versions earlier than 9.0.1.159(C636E6R1P8T8)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is an information disclosure vulnerability in certain Huawei smartphones (Mate 10;Mate 10 Pro;Honor V10;Changxiang 7S;P-smart;Changxiang 8 Plus;Y9 2018;Honor 9 Lite;Honor 9i;Mate 9). The software does not properly handle certain information of applications locked by applock in a rare condition. Successful exploit could cause information disclosure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191211-01-smartphone-en",
"refsource": "MISC",
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191211-01-smartphone-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2019-5264",
"datePublished": "2019-12-13T23:00:29",
"dateReserved": "2019-01-04T00:00:00",
"dateUpdated": "2024-08-04T19:47:56.839Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5219 (GCVE-0-2019-5219)
Vulnerability from cvelistv5 – Published: 2019-06-06 14:41 – Updated: 2024-08-04 19:47
VLAI?
Summary
There is a double free vulnerability on certain drivers of Huawei Mate10 smartphones versions earlier than ALP-AL00B 9.0.0.181(C00E87R2P20T8). An attacker tricks the user into installing a malicious application, which makes multiple processes operate the same resource at the same time. Successful exploit could cause a denial of service condition.
Severity ?
No CVSS data available.
CWE
- double free
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:47:56.756Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190130-01-smartphone-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Mate10",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than ALP-AL00B 9.0.0.181(C00E87R2P20T8)"
}
]
}
],
"datePublic": "2019-01-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "There is a double free vulnerability on certain drivers of Huawei Mate10 smartphones versions earlier than ALP-AL00B 9.0.0.181(C00E87R2P20T8). An attacker tricks the user into installing a malicious application, which makes multiple processes operate the same resource at the same time. Successful exploit could cause a denial of service condition."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "double free",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-06T14:41:52",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190130-01-smartphone-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2019-5219",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Mate10",
"version": {
"version_data": [
{
"version_value": "Versions earlier than ALP-AL00B 9.0.0.181(C00E87R2P20T8)"
}
]
}
}
]
},
"vendor_name": "Huawei"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is a double free vulnerability on certain drivers of Huawei Mate10 smartphones versions earlier than ALP-AL00B 9.0.0.181(C00E87R2P20T8). An attacker tricks the user into installing a malicious application, which makes multiple processes operate the same resource at the same time. Successful exploit could cause a denial of service condition."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "double free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190130-01-smartphone-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190130-01-smartphone-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2019-5219",
"datePublished": "2019-06-06T14:41:52",
"dateReserved": "2019-01-04T00:00:00",
"dateUpdated": "2024-08-04T19:47:56.756Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5305 (GCVE-0-2019-5305)
Vulnerability from cvelistv5 – Published: 2019-06-06 14:35 – Updated: 2024-08-04 19:54
VLAI?
Summary
The image processing module of some Huawei Mate 10 smartphones versions before ALP-L29 9.0.0.159(C185) has a memory double free vulnerability. An attacker tricks a user into installing a malicious application, and the application can call special API, which could trigger double free and cause a system crash.
Severity ?
No CVSS data available.
CWE
- memory double free
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:54:53.241Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190128-01-ivp-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Mate 10",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "The versions before ALP-L29 9.0.0.159(C185)"
}
]
}
],
"datePublic": "2019-01-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The image processing module of some Huawei Mate 10 smartphones versions before ALP-L29 9.0.0.159(C185) has a memory double free vulnerability. An attacker tricks a user into installing a malicious application, and the application can call special API, which could trigger double free and cause a system crash."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "memory double free",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-06T14:35:18",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190128-01-ivp-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2019-5305",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Mate 10",
"version": {
"version_data": [
{
"version_value": "The versions before ALP-L29 9.0.0.159(C185)"
}
]
}
}
]
},
"vendor_name": "Huawei"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The image processing module of some Huawei Mate 10 smartphones versions before ALP-L29 9.0.0.159(C185) has a memory double free vulnerability. An attacker tricks a user into installing a malicious application, and the application can call special API, which could trigger double free and cause a system crash."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "memory double free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190128-01-ivp-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190128-01-ivp-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2019-5305",
"datePublished": "2019-06-06T14:35:18",
"dateReserved": "2019-01-04T00:00:00",
"dateUpdated": "2024-08-04T19:54:53.241Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5214 (GCVE-0-2019-5214)
Vulnerability from cvelistv5 – Published: 2019-06-06 14:18 – Updated: 2024-08-04 19:47
VLAI?
Summary
There is a use after free vulnerability on certain driver component in Huawei Mate10 smartphones versions earlier than ALP-AL00B 9.0.0.167(C00E85R2P20T8). An attacker tricks the user into installing a malicious application, which make the software to reference memory after it has been freed. Successful exploit could cause a denial of service condition.
Severity ?
No CVSS data available.
CWE
- Use After Free
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Huawei | Huawei Mate10 |
Affected:
Versions earlier than ALP-AL00B 9.0.0.167(C00E85R2P20T8)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:47:56.745Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190109-01-smartphone-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Huawei Mate10",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than ALP-AL00B 9.0.0.167(C00E85R2P20T8)"
}
]
}
],
"datePublic": "2019-01-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "There is a use after free vulnerability on certain driver component in Huawei Mate10 smartphones versions earlier than ALP-AL00B 9.0.0.167(C00E85R2P20T8). An attacker tricks the user into installing a malicious application, which make the software to reference memory after it has been freed. Successful exploit could cause a denial of service condition."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use After Free",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-06T14:18:43",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190109-01-smartphone-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2019-5214",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Huawei Mate10",
"version": {
"version_data": [
{
"version_value": "Versions earlier than ALP-AL00B 9.0.0.167(C00E85R2P20T8)"
}
]
}
}
]
},
"vendor_name": "Huawei"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is a use after free vulnerability on certain driver component in Huawei Mate10 smartphones versions earlier than ALP-AL00B 9.0.0.167(C00E85R2P20T8). An attacker tricks the user into installing a malicious application, which make the software to reference memory after it has been freed. Successful exploit could cause a denial of service condition."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use After Free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190109-01-smartphone-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190109-01-smartphone-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2019-5214",
"datePublished": "2019-06-06T14:18:43",
"dateReserved": "2019-01-04T00:00:00",
"dateUpdated": "2024-08-04T19:47:56.745Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-7993 (GCVE-0-2018-7993)
Vulnerability from cvelistv5 – Published: 2018-07-31 14:00 – Updated: 2024-08-05 06:37
VLAI?
Summary
HUAWEI Mate 10 smartphones with versions earlier than ALP-AL00 8.1.0.311 have a use after free vulnerability on mediaserver component. An attacker tricks the user install a malicious application, which make the software to reference memory after it has been freed. Successful exploit could cause execution of arbitrary code.
Severity ?
No CVSS data available.
CWE
- use after free
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Huawei Technologies Co., Ltd. | HUAWEI Mate 10 |
Affected:
Versions earlier than ALP-AL00 8.1.0.311
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:37:59.689Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180711-01-smartphone-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HUAWEI Mate 10",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "Versions earlier than ALP-AL00 8.1.0.311"
}
]
}
],
"datePublic": "2018-07-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "HUAWEI Mate 10 smartphones with versions earlier than ALP-AL00 8.1.0.311 have a use after free vulnerability on mediaserver component. An attacker tricks the user install a malicious application, which make the software to reference memory after it has been freed. Successful exploit could cause execution of arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "use after free",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-31T13:57:01",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180711-01-smartphone-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2018-7993",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HUAWEI Mate 10",
"version": {
"version_data": [
{
"version_value": "Versions earlier than ALP-AL00 8.1.0.311"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HUAWEI Mate 10 smartphones with versions earlier than ALP-AL00 8.1.0.311 have a use after free vulnerability on mediaserver component. An attacker tricks the user install a malicious application, which make the software to reference memory after it has been freed. Successful exploit could cause execution of arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "use after free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180711-01-smartphone-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180711-01-smartphone-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2018-7993",
"datePublished": "2018-07-31T14:00:00",
"dateReserved": "2018-03-09T00:00:00",
"dateUpdated": "2024-08-05T06:37:59.689Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-17227 (GCVE-0-2017-17227)
Vulnerability from cvelistv5 – Published: 2018-03-09 17:00 – Updated: 2024-08-05 20:43
VLAI?
Summary
GPU driver in Huawei Mate 10 smart phones with the versions before ALP-L09 8.0.0.120(C212); The versions before ALP-L09 8.0.0.127(C900); The versions before ALP-L09 8.0.0.128(402/C02/C109/C346/C432/C652) has a out-of-bounds memory access vulnerability due to the input parameters validation. An attacker tricks a user into installing a malicious application on the smart phone, and the application can call the driver with special parameter and cause accessing out-of-bounds memory. Successful exploit may result in phone crash or arbitrary code execution.
Severity ?
No CVSS data available.
CWE
- input parameters validation
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Huawei Technologies Co., Ltd. | Mate 10 |
Affected:
The versions before ALP-L09 8.0.0.120(C212)
Affected: The versions before ALP-L09 8.0.0.127(C900) Affected: The versions before ALP-L09 8.0.0.128(402/C02/C109/C346/C432/C652) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:43:59.868Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180207-01-smartphone-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Mate 10",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "The versions before ALP-L09 8.0.0.120(C212)"
},
{
"status": "affected",
"version": "The versions before ALP-L09 8.0.0.127(C900)"
},
{
"status": "affected",
"version": "The versions before ALP-L09 8.0.0.128(402/C02/C109/C346/C432/C652)"
}
]
}
],
"datePublic": "2018-02-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "GPU driver in Huawei Mate 10 smart phones with the versions before ALP-L09 8.0.0.120(C212); The versions before ALP-L09 8.0.0.127(C900); The versions before ALP-L09 8.0.0.128(402/C02/C109/C346/C432/C652) has a out-of-bounds memory access vulnerability due to the input parameters validation. An attacker tricks a user into installing a malicious application on the smart phone, and the application can call the driver with special parameter and cause accessing out-of-bounds memory. Successful exploit may result in phone crash or arbitrary code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "input parameters validation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-09T16:57:01",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180207-01-smartphone-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2017-17227",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Mate 10",
"version": {
"version_data": [
{
"version_value": "The versions before ALP-L09 8.0.0.120(C212)"
},
{
"version_value": "The versions before ALP-L09 8.0.0.127(C900)"
},
{
"version_value": "The versions before ALP-L09 8.0.0.128(402/C02/C109/C346/C432/C652)"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GPU driver in Huawei Mate 10 smart phones with the versions before ALP-L09 8.0.0.120(C212); The versions before ALP-L09 8.0.0.127(C900); The versions before ALP-L09 8.0.0.128(402/C02/C109/C346/C432/C652) has a out-of-bounds memory access vulnerability due to the input parameters validation. An attacker tricks a user into installing a malicious application on the smart phone, and the application can call the driver with special parameter and cause accessing out-of-bounds memory. Successful exploit may result in phone crash or arbitrary code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "input parameters validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180207-01-smartphone-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180207-01-smartphone-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2017-17227",
"datePublished": "2018-03-09T17:00:00",
"dateReserved": "2017-12-04T00:00:00",
"dateUpdated": "2024-08-05T20:43:59.868Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-15311 (GCVE-0-2017-15311)
Vulnerability from cvelistv5 – Published: 2017-12-22 17:00 – Updated: 2024-09-17 04:29
VLAI?
Summary
The baseband modules of Mate 10, Mate 10 Pro, Mate 9, Mate 9 Pro Huawei smart phones with software before ALP-AL00 8.0.0.120(SP2C00), before BLA-AL00 8.0.0.120(SP2C00), before MHA-AL00B 8.0.0.334(C00), and before LON-AL00B 8.0.0.334(C00) have a stack overflow vulnerability due to the lack of parameter validation. An attacker could send malicious packets to the smart phones within radio range by special wireless device, which leads stack overflow when the baseband module handles these packets. The attacker could exploit this vulnerability to perform a denial of service attack or remote code execution in baseband module.
Severity ?
No CVSS data available.
CWE
- Stack Overflow
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Huawei Technologies Co., Ltd. | Mate 10 |
Affected:
before ALP-AL00 8.0.0.120(SP2C00)
|
|||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:50:16.503Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171125-01-baseband-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Mate 10",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "before ALP-AL00 8.0.0.120(SP2C00)"
}
]
},
{
"product": "Mate 10 Pro",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "before BLA-AL00 8.0.0.120(SP2C00)"
}
]
},
{
"product": "Mate 9",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "before MHA-AL00B 8.0.0.334(C00)"
}
]
},
{
"product": "Mate 9 Pro",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "before LON-AL00B 8.0.0.334(C00),"
}
]
}
],
"datePublic": "2017-11-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The baseband modules of Mate 10, Mate 10 Pro, Mate 9, Mate 9 Pro Huawei smart phones with software before ALP-AL00 8.0.0.120(SP2C00), before BLA-AL00 8.0.0.120(SP2C00), before MHA-AL00B 8.0.0.334(C00), and before LON-AL00B 8.0.0.334(C00) have a stack overflow vulnerability due to the lack of parameter validation. An attacker could send malicious packets to the smart phones within radio range by special wireless device, which leads stack overflow when the baseband module handles these packets. The attacker could exploit this vulnerability to perform a denial of service attack or remote code execution in baseband module."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Stack Overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-22T16:57:01",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171125-01-baseband-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"DATE_PUBLIC": "2017-11-25T00:00:00",
"ID": "CVE-2017-15311",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Mate 10",
"version": {
"version_data": [
{
"version_value": "before ALP-AL00 8.0.0.120(SP2C00)"
}
]
}
},
{
"product_name": "Mate 10 Pro",
"version": {
"version_data": [
{
"version_value": "before BLA-AL00 8.0.0.120(SP2C00)"
}
]
}
},
{
"product_name": "Mate 9",
"version": {
"version_data": [
{
"version_value": "before MHA-AL00B 8.0.0.334(C00)"
}
]
}
},
{
"product_name": "Mate 9 Pro",
"version": {
"version_data": [
{
"version_value": "before LON-AL00B 8.0.0.334(C00),"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The baseband modules of Mate 10, Mate 10 Pro, Mate 9, Mate 9 Pro Huawei smart phones with software before ALP-AL00 8.0.0.120(SP2C00), before BLA-AL00 8.0.0.120(SP2C00), before MHA-AL00B 8.0.0.334(C00), and before LON-AL00B 8.0.0.334(C00) have a stack overflow vulnerability due to the lack of parameter validation. An attacker could send malicious packets to the smart phones within radio range by special wireless device, which leads stack overflow when the baseband module handles these packets. The attacker could exploit this vulnerability to perform a denial of service attack or remote code execution in baseband module."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Stack Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171125-01-baseband-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171125-01-baseband-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2017-15311",
"datePublished": "2017-12-22T17:00:00Z",
"dateReserved": "2017-10-14T00:00:00",
"dateUpdated": "2024-09-17T04:29:33.735Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}