CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 0CVE-2017-15311
https://notcve.org/view.php?id=CVE-2017-15311
22 Dec 2017 — The baseband modules of Mate 10, Mate 10 Pro, Mate 9, Mate 9 Pro Huawei smart phones with software before ALP-AL00 8.0.0.120(SP2C00), before BLA-AL00 8.0.0.120(SP2C00), before MHA-AL00B 8.0.0.334(C00), and before LON-AL00B 8.0.0.334(C00) have a stack overflow vulnerability due to the lack of parameter validation. An attacker could send malicious packets to the smart phones within radio range by special wireless device, which leads stack overflow when the baseband module handles these packets. The attacker c... • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171125-01-baseband-en • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 0%CPEs: 4EXPL: 0CVE-2017-15316 – Huawei Mate 9 Pro Mali Double Free Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2017-15316
22 Dec 2017 — The GPU driver of Mate 9 Huawei smart phones with software before MHA-AL00B 8.0.0.334(C00) and Mate 9 Pro Huawei smart phones with software before LON-AL00B 8.0.0.334(C00) has a memory double free vulnerability. An attacker tricks a user into installing a malicious application, and the application can call special API, which triggers double free and causes a system crash or arbitrary code execution. El controlador de unidad de procesamiento gráfico o GPU de los smartphones Mate 9de Huawei con software anter... • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171201-01-smartphone-en • CWE-415: Double Free •
CVSS: 9.3EPSS: 0%CPEs: 4EXPL: 0CVE-2017-8142
https://notcve.org/view.php?id=CVE-2017-8142
22 Nov 2017 — The Trusted Execution Environment (TEE) module driver of Mate 9 and Mate 9 Pro smart phones with software versions earlier than MHA-AL00BC00B221 and versions earlier than LON-AL00BC00B221 has a use after free (UAF) vulnerability. An attacker tricks a user into installing a malicious application, and the application can start multiple threads and try to create and free specific memory, which could triggers access memory after free it and causes a system crash or arbitrary code execution. El controlador del m... • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170615-01-smartphone-en • CWE-416: Use After Free •
CVSS: 7.1EPSS: 0%CPEs: 18EXPL: 0CVE-2017-8144
https://notcve.org/view.php?id=CVE-2017-8144
22 Nov 2017 — Honor 5A,Honor 8 Lite,Mate9,Mate9 Pro,P10,P10 Plus Huawei smartphones with software the versions before CAM-L03C605B143CUSTC605D003,the versions before Prague-L03C605B161,the versions before Prague-L23C605B160,the versions before MHA-AL00C00B225,the versions before LON-AL00C00B225,the versions before VTR-AL00C00B167,the versions before VTR-TL00C01B167,the versions before VKY-AL00C00B167,the versions before VKY-TL00C01B167 have a resource exhaustion vulnerability due to configure setting. An attacker tricks ... • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170725-01-smartphone-en • CWE-920: Improper Restriction of Power Consumption •