The Bdat driver of Prague smart phones with software versions earlier than Prague-AL00AC00B211, versions earlier than Prague-AL00BC00B211, versions earlier than Prague-AL00CC00B211, versions earlier than Prague-TL00AC01B211, versions earlier than Prague-TL10AC01B211 has integer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious APP and execute it as a specific privilege; the APP can then send a specific parameter to the driver of the smart phone, causing arbitrary code execution.
References
Link | Resource |
---|---|
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180321-01-smartphone-en | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: huawei
Published: 2018-03-21T00:00:00
Updated: 2018-03-23T15:57:01
Reserved: 2017-10-14T00:00:00
Link: CVE-2017-15325
JSON object: View
NVD Information
Status : Analyzed
Published: 2018-03-23T16:29:00.130
Modified: 2018-04-19T14:02:22.600
Link: CVE-2017-15325
JSON object: View
Redhat Information
No data.
CWE