CVE-2017-8150

Published Nov 22, 2017

Last updated 7 years ago

CVSS high 7.8

Overview

Description: The boot loaders of P10 and P10 Plus Huawei mobile phones with software the versions before Victoria-L09AC605B162, the versions before Victoria-L29AC605B162, the versions before Vicky-L29AC605B162 have an arbitrary memory write vulnerability due to the lack of parameter validation. An attacker with the root privilege of an Android system may trick a user into installing a malicious APP. The APP can modify specific data to cause arbitrary memory writing in the next system reboot, causing continuous system reboot or arbitrary code execution.
Source: psirt@huawei.com
NVD status: Analyzed

Risk scores

CVSS 3.0

Type: Primary
Base score: 7.8
Impact score: 5.9
Exploitability score: 1.8
Vector string: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 9.3
Impact score: 10
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-119

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:huawei:p10:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "4FE8B6F1-FD2D-489A-86CE-53945949D362"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:huawei:p10_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4015216C-FA85-4D24-BE10-DC6AF9E4B0B8",
            "versionEndExcluding": "victoria-l09ac605b162"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:huawei:p10:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "4FE8B6F1-FD2D-489A-86CE-53945949D362"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:huawei:p10_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FC987861-3185-43C3-BE63-D25C01174945",
            "versionEndExcluding": "victoria-l29ac605b162"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:huawei:p10_plus:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "FAD5BC83-41ED-4260-8883-4CA5898A4FAD"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:huawei:p10_plus_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5D22A313-6919-4719-92EB-BEE566464720",
            "versionEndExcluding": "vicky-l29ac605b162"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:huawei:p8_lite:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "AE2B9076-0E47-461F-BD6C-69FAB7572701"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:huawei:p8_lite_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6278E712-BBC7-4481-858C-44D1F2F0E65A",
            "versionEndExcluding": "ale-l21c113b566"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:huawei:p9:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "B1E734BC-513F-4FF6-B4AB-46A3AD8FA9BA"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:huawei:p9_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9B903510-A6AF-4650-A7BC-40D8C8052D52",
            "versionEndExcluding": "eva-l09c432b391"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:huawei:p9:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "B1E734BC-513F-4FF6-B4AB-46A3AD8FA9BA"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:huawei:p9_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FFCD40B3-E3DE-496D-9A69-419E00D59092",
            "versionEndExcluding": "eva-l09c576b386"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:huawei:p9:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "B1E734BC-513F-4FF6-B4AB-46A3AD8FA9BA"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:huawei:p9_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ED4A4D14-2305-4CDB-97AF-53BB2F47D8D9",
            "versionEndExcluding": "eva-l09c605b390"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:huawei:p9:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "B1E734BC-513F-4FF6-B4AB-46A3AD8FA9BA"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:huawei:p9_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "63E9FEC1-EF28-45B6-B826-77CB19DCEF0F",
            "versionEndExcluding": "eva-l09c635b387"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:huawei:p9_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CF80DCC9-7AA7-443A-BE95-F399E7088D01",
            "versionEndExcluding": "eva-l09c636b388"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:huawei:p9:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "B1E734BC-513F-4FF6-B4AB-46A3AD8FA9BA"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:huawei:p9_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B3EABC75-30C8-4E46-8F48-57560111B190",
            "versionEndExcluding": "eva-l19c10b390"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:huawei:p9:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "B1E734BC-513F-4FF6-B4AB-46A3AD8FA9BA"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:huawei:p9_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "17F71652-73C4-4CEC-8B45-A98FE74E7396",
            "versionEndExcluding": "eva-l19c432b388"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:huawei:p9:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "B1E734BC-513F-4FF6-B4AB-46A3AD8FA9BA"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:huawei:p9_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "08B08602-B43E-4C14-A0CF-7BCD1F8C7C4F",
            "versionEndExcluding": "eva-l19c605b390"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:huawei:p9:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "B1E734BC-513F-4FF6-B4AB-46A3AD8FA9BA"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:huawei:p9_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "70D315BD-B01D-4006-B0B8-F7741F2CE5F6",
            "versionEndExcluding": "eva-l19c636b391"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:huawei:p9:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "B1E734BC-513F-4FF6-B4AB-46A3AD8FA9BA"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References