CVE-2020-9239
https://notcve.org/view.php?id=CVE-2020-9239
Huawei smartphones BLA-A09 versions 8.0.0.123(C212),versions earlier than 8.0.0.123(C567),versions earlier than 8.0.0.123(C797);BLA-TL00B versions earlier than 8.1.0.326(C01);Berkeley-L09 versions earlier than 8.0.0.163(C10),versions earlier than 8.0.0.163(C432),Versions earlier than 8.0.0.163(C636),Versions earlier than 8.0.0.172(C10);Duke-L09 versions Duke-L09C10B187, versions Duke-L09C432B189, versions Duke-L09C636B189;HUAWEI P20 versions earlier than 8.0.1.16(C00);HUAWEI P20 Pro versions earlier than 8.1.0.152(C00);Jimmy-AL00A versions earlier than Jimmy-AL00AC00B172;LON-L29D versions LON-L29DC721B192;NEO-AL00D versions earlier than 8.1.0.172(C786);Stanford-AL00 versions Stanford-AL00C00B123;Toronto-AL00 versions earlier than Toronto-AL00AC00B225;Toronto-AL00A versions earlier than Toronto-AL00AC00B225;Toronto-TL10 versions earlier than Toronto-TL10C01B225 have an information vulnerability. A module has a design error that is lack of control of input. Attackers can exploit this vulnerab Teléfonos inteligentes Huawei BLA-A09 versiones 8.0.0.123(C212), versiones anteriores a 8.0.0.123(C567), versiones anteriores a 8.0.0.123(C797); BLA-TL00B versiones anteriores a 8.1.0.326(C01); Berkeley-L09 versiones anteriores a 8.0.0.163(C10), versiones anteriores a 8.0.0.163(C432), versiones anteriores a 8.0.0.163(C636), versiones anteriores a 8.0.0.172(C10); Duke-L09 versiones Duke-L09C10B187, versiones Duke- L09C432B189, versiones Duke-L09C636B189; HUAWEI P20 versiones anteriores a 8.0.1.16(C00); HUAWEI P20 Pro versiones anteriores a 8.1.0.152(C00); Jimmy-AL00A versiones anteriores a Jimmy-AL00AC00B172; LON-L29D versiones LON-L29DC721B192; NEO-AL00D versiones anteriores a 8.1.0.172(C786); Stanford-AL00 versiones Stanford-AL00C00B123; Toronto-AL00 versiones anteriores a Toronto-AL00AC00B225; Toronto-AL00A versiones anteriores a Toronto-AL00AC00B225; Toronto-TL10 versiones anteriores a Toronto-TL10C01B225, presentan una vulnerabilidad de información. Un módulo presenta un error de diseño que es la falta de control de entrada. Unos atacantes pueden explotar esta vulnerabilidad • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200909-04-smartphone-en • CWE-20: Improper Input Validation •
CVE-2019-2215 – Android Kernel Use-After-Free Vulnerability
https://notcve.org/view.php?id=CVE-2019-2215
A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interaction is required to exploit this vulnerability, however exploitation does require either the installation of a malicious local application or a separate vulnerability in a network facing application.Product: AndroidAndroid ID: A-141720095 Un uso de la memoria previamente liberada en el archivo binder.c, permite una elevación de privilegios desde una aplicación en el kernel de Linux. No es requerida una interacción del usuario para explotar esta vulnerabilidad, sin embargo, la explotación necesita de la instalación de una aplicación local maliciosa o una vulnerabilidad separada en una aplicación de red. Producto: Android; ID de Android: A-141720095 Android suffers from a use-after-free vulnerability in the binder driver at /drivers/android/binder.c. Android Kernel contains a use-after-free vulnerability in binder.c that allows for privilege escalation from an application to the Linux Kernel. • https://www.exploit-db.com/exploits/48129 https://www.exploit-db.com/exploits/47463 https://github.com/timwr/CVE-2019-2215 https://github.com/LIznzn/CVE-2019-2215 https://github.com/ATorNinja/CVE-2019-2215 https://github.com/stevejubx/CVE-2019-2215 https://github.com/c3r34lk1ll3r/CVE-2019-2215 https://github.com/qre0ct/android-kernel-exploitation-ashfaq-CVE-2019-2215 https://github.com/mufidmb38/CVE-2019-2215 https://github.com/Byte-Master-101/CVE-2019-2215 https: • CWE-416: Use After Free •
CVE-2017-17161
https://notcve.org/view.php?id=CVE-2017-17161
The 'Find Phone' function in some Huawei smart phones with software earlier than Duke-L09C10B186 versions, earlier than Duke-L09C432B187 versions, earlier than Duke-L09C636B186 versions has an authentication bypass vulnerability. Due to improper authentication realization in the 'Find Phone' function. An attacker may exploit the vulnerability to bypass the 'Find Phone' function in order to use the phone normally. La función "Find Phone" en algunos smartphones Huawei con software en versiones anteriores a Duke-L09C10B186, Duke-L09C432B187 y Duke-L09C636B186 tiene una vulnerabilidad de omisión de autenticación. Esto se debe a la realización indebida de la autenticación en la función "Find Phone". • http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171213-01-smartphone-en • CWE-287: Improper Authentication •