CVE-2017-8142
https://notcve.org/view.php?id=CVE-2017-8142
The Trusted Execution Environment (TEE) module driver of Mate 9 and Mate 9 Pro smart phones with software versions earlier than MHA-AL00BC00B221 and versions earlier than LON-AL00BC00B221 has a use after free (UAF) vulnerability. An attacker tricks a user into installing a malicious application, and the application can start multiple threads and try to create and free specific memory, which could triggers access memory after free it and causes a system crash or arbitrary code execution. El controlador del módulo Trusted Execution Environment (TEE) de los smartphones Mate 9 y Mate 9 Pro con versiones de software anteriores a MHA-AL00BC00B221 y LON-AL00BC00B221 tiene una vulnerabilidad de uso de memoria previamente liberada (UAF). Un atacante engaña a un usuario para que instale una aplicación maliciosa; la aplicación puede comenzar múltiples hilos e intentar crear y liberar memoria específica. Esto podría desencadenar un acceso a la memoria previamente liberada y provocar un cierre inesperado del sistema o la ejecución de código arbitrario. • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170615-01-smartphone-en • CWE-416: Use After Free •
CVE-2017-2703
https://notcve.org/view.php?id=CVE-2017-2703
Phone Finder in versions earlier before MHA-AL00BC00B156,Versions earlier before MHA-CL00BC00B156,Versions earlier before MHA-DL00BC00B156,Versions earlier before MHA-TL00BC00B156,Versions earlier before EVA-AL10C00B373,Versions earlier before EVA-CL10C00B373,Versions earlier before EVA-DL10C00B373,Versions earlier before EVA-TL10C00B373 can be bypass. An attacker can bypass the Phone Finder by special steps and enter the System Setting. Puede eludirse Phone Finder en versiones anteriores a la MHA-AL00BC00B156; anteriores a la MHA-CL00BC00B156; anteriores a la MHA-DL00BC00B156; anteriores a la MHA-TL00BC00B156; anteriores a la EVA-AL10C00B373; anteriores a la EVA-CL10C00B373; anteriores a la EVA-DL10C00B373 y versiones anteriores a la EVA-TL10C00B373. Un atacante puede eludir Phone Finder mediante pasos especiales y entrar en la configuración del sistema. • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170118-05-smartphone-en http://www.securityfocus.com/bid/95657 •
CVE-2017-8144
https://notcve.org/view.php?id=CVE-2017-8144
Honor 5A,Honor 8 Lite,Mate9,Mate9 Pro,P10,P10 Plus Huawei smartphones with software the versions before CAM-L03C605B143CUSTC605D003,the versions before Prague-L03C605B161,the versions before Prague-L23C605B160,the versions before MHA-AL00C00B225,the versions before LON-AL00C00B225,the versions before VTR-AL00C00B167,the versions before VTR-TL00C01B167,the versions before VKY-AL00C00B167,the versions before VKY-TL00C01B167 have a resource exhaustion vulnerability due to configure setting. An attacker tricks a user into installing a malicious application, the application may turn on the device flash-light and rapidly drain the device battery. Los smartphones Huawei Honor 5A, Honor 8 Lite, Mate9, Mate9 Pro, P10 y P10 Plus con software en versiones anteriores a la CAM-L03C605B143CUSTC605D003, la Prague-L03C605B161, la Prague-L23C605B160, la MHA-AL00C00B225, la LON-AL00C00B225, la VTR-AL00C00B167, la VTR-TL00C01B167, la VKY-AL00C00B167 y la VKY-TL00C01B167 tienen una vulnerabilidad de agotamiento de recursos debido a la configuración de las opciones. Un atacante engaña a un usuario para que instale una aplicación maliciosa; la aplicación podría encender la linterna del dispositivo y descargar rápidamente la batería. • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170725-01-smartphone-en • CWE-920: Improper Restriction of Power Consumption •