Vulnerabilites related to Huawei Technologies Co., Ltd. - Nova 2 Plus,Nova 2
cve-2017-8203
Vulnerability from cvelistv5
Published
2017-11-22 19:00
Modified
2024-09-17 00:26
Severity ?
EPSS score ?
Summary
The Bastet Driver of Nova 2 Plus,Nova 2 Huawei smart phones with software of Versions earlier than BAC-AL00C00B173,Versions earlier than PIC-AL00C00B173 has a use after free (UAF) vulnerability. An attacker can convince a user to install a malicious application which has a high privilege to exploit this vulnerability, Successful exploitation may cause arbitrary code execution.
References
▼ | URL | Tags |
---|---|---|
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170927-01-smartphone-en | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/101960 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Huawei Technologies Co., Ltd. | Nova 2 Plus,Nova 2 |
Version: Versions earlier than BAC-AL00C00B173,Versions earlier than PIC-AL00C00B173 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T16:27:23.231Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170927-01-smartphone-en", }, { name: "101960", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/101960", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Nova 2 Plus,Nova 2", vendor: "Huawei Technologies Co., Ltd.", versions: [ { status: "affected", version: "Versions earlier than BAC-AL00C00B173,Versions earlier than PIC-AL00C00B173", }, ], }, ], datePublic: "2017-11-15T00:00:00", descriptions: [ { lang: "en", value: "The Bastet Driver of Nova 2 Plus,Nova 2 Huawei smart phones with software of Versions earlier than BAC-AL00C00B173,Versions earlier than PIC-AL00C00B173 has a use after free (UAF) vulnerability. An attacker can convince a user to install a malicious application which has a high privilege to exploit this vulnerability, Successful exploitation may cause arbitrary code execution.", }, ], problemTypes: [ { descriptions: [ { description: "UAF", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-11-28T10:57:01", orgId: "25ac1063-e409-4190-8079-24548c77ea2e", shortName: "huawei", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170927-01-smartphone-en", }, { name: "101960", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/101960", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@huawei.com", DATE_PUBLIC: "2017-11-15T00:00:00", ID: "CVE-2017-8203", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Nova 2 Plus,Nova 2", version: { version_data: [ { version_value: "Versions earlier than BAC-AL00C00B173,Versions earlier than PIC-AL00C00B173", }, ], }, }, ], }, vendor_name: "Huawei Technologies Co., Ltd.", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The Bastet Driver of Nova 2 Plus,Nova 2 Huawei smart phones with software of Versions earlier than BAC-AL00C00B173,Versions earlier than PIC-AL00C00B173 has a use after free (UAF) vulnerability. An attacker can convince a user to install a malicious application which has a high privilege to exploit this vulnerability, Successful exploitation may cause arbitrary code execution.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "UAF", }, ], }, ], }, references: { reference_data: [ { name: "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170927-01-smartphone-en", refsource: "CONFIRM", url: "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170927-01-smartphone-en", }, { name: "101960", refsource: "BID", url: "http://www.securityfocus.com/bid/101960", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "25ac1063-e409-4190-8079-24548c77ea2e", assignerShortName: "huawei", cveId: "CVE-2017-8203", datePublished: "2017-11-22T19:00:00Z", dateReserved: "2017-04-25T00:00:00", dateUpdated: "2024-09-17T00:26:25.448Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }