CVE-2017-17176 Information

Description

The hardware security module of Mate 9 and Mate 9 Pro Huawei smart phones with the versions earlier before MHA-AL00BC00B156 versions earlier before MHA-CL00BC00B156 versions earlier before MHA-DL00BC00B156 versions earlier before MHA-TL00BC00B156 versions earlier before LON-AL00BC00B156 versions earlier before LON-CL00BC00B156 versions earlier before LON-DL00BC00B156 versions earlier before LON-TL00BC00B156 has a arbitrary memory read/write vulnerability due to the input parameters validation. An attacker with the root privilege of the Android system could exploit this vulnerability to read and write memory data anywhere or execute arbitrary code in the TrustZone.

CVSS Vector

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Reference

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170306-01-smartphone-en

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction Required

HIGH

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

6.7