CVE-2017-17320

Huawei Mate 9 Pro smartphones with software of LON-AL00BC00B139D, LON-AL00BC00B229, LON-L29DC721B188 have a memory double free vulnerability. The system does not manage the memory properly, that frees on the same memory address twice. An attacker tricks the user who has root privilege to install a crafted application, successful exploit could result in malicious code execution.

Published: Mar 20, 2018
Updated: Apr 13, 2023
CVE: CVE-2017-17320
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

CWEs:

CWE-415

Affected Software
References

Software	From	Fixed in
huawei / mate_9_pro_firmware	lon-al00bc00b139d	lon-al00bc00b139d.x
huawei / mate_9_pro_firmware	lon-al00bc00b229	lon-al00bc00b229.x
huawei / mate_9_pro_firmware	lon-l29dc721b188	lon-l29dc721b188.x

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180314-02-smartphone-en

Vulnerability Database

290,020

CVE-2017-17320