CVE-2018-7899 - NVD | ByteOS Network

NVD Vulnerability Details :

CVE-2018-7899

Analyzed

More Info Official Page

Source-psirt@huawei.com

Published At-19 Apr, 2018 | 14:29

Updated At-22 May, 2018 | 16:57

The Mali Driver of Huawei Berkeley-AL20 and Berkeley-BD smart phones with software Berkeley-AL20 8.0.0.105(C00), 8.0.0.111(C00), 8.0.0.112D(C00), 8.0.0.116(C00), 8.0.0.119(C00), 8.0.0.119D(C00), 8.0.0.122(C00), 8.0.0.132(C00), 8.0.0.132D(C00), 8.0.0.142(C00), 8.0.0.151(C00), Berkeley-BD 1.0.0.21, 1.0.0.22, 1.0.0.23, 1.0.0.24, 1.0.0.26, 1.0.0.29 has a double free vulnerability. An attacker can trick a user to install a malicious application and exploit this vulnerability when in the exception handling process. Successful exploitation may cause system reboot.

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.0	5.5	MEDIUM	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Primary	2.0	7.1	HIGH	AV:N/AC:M/Au:N/C:N/I:N/A:C

CPE Matches

Huawei Technologies Co., Ltd.

>>berkeley-al20_firmware>>8.0.0.105\(c00\)

cpe:2.3:o:huawei:berkeley-al20_firmware:8.0.0.105\(c00\):*:*:*:*:*:*:*

Huawei Technologies Co., Ltd.

>>berkeley-al20_firmware>>8.0.0.111\(c00\)

cpe:2.3:o:huawei:berkeley-al20_firmware:8.0.0.111\(c00\):*:*:*:*:*:*:*

Huawei Technologies Co., Ltd.

>>berkeley-al20_firmware>>8.0.0.112d\(c00\)

cpe:2.3:o:huawei:berkeley-al20_firmware:8.0.0.112d\(c00\):*:*:*:*:*:*:*

Huawei Technologies Co., Ltd.

>>berkeley-al20_firmware>>8.0.0.116\(c00\)

cpe:2.3:o:huawei:berkeley-al20_firmware:8.0.0.116\(c00\):*:*:*:*:*:*:*

Huawei Technologies Co., Ltd.

>>berkeley-al20_firmware>>8.0.0.119\(c00\)

cpe:2.3:o:huawei:berkeley-al20_firmware:8.0.0.119\(c00\):*:*:*:*:*:*:*

Huawei Technologies Co., Ltd.

>>berkeley-al20_firmware>>8.0.0.119d\(c00\)

cpe:2.3:o:huawei:berkeley-al20_firmware:8.0.0.119d\(c00\):*:*:*:*:*:*:*

Huawei Technologies Co., Ltd.

>>berkeley-al20_firmware>>8.0.0.122\(c00\)

cpe:2.3:o:huawei:berkeley-al20_firmware:8.0.0.122\(c00\):*:*:*:*:*:*:*

Huawei Technologies Co., Ltd.

>>berkeley-al20_firmware>>8.0.0.132\(c00\)

cpe:2.3:o:huawei:berkeley-al20_firmware:8.0.0.132\(c00\):*:*:*:*:*:*:*

Huawei Technologies Co., Ltd.

>>berkeley-al20_firmware>>8.0.0.132d\(c00\)

cpe:2.3:o:huawei:berkeley-al20_firmware:8.0.0.132d\(c00\):*:*:*:*:*:*:*

Huawei Technologies Co., Ltd.

>>berkeley-al20_firmware>>8.0.0.142\(c00\)

cpe:2.3:o:huawei:berkeley-al20_firmware:8.0.0.142\(c00\):*:*:*:*:*:*:*

Huawei Technologies Co., Ltd.

>>berkeley-al20_firmware>>8.0.0.151\(c00\)

cpe:2.3:o:huawei:berkeley-al20_firmware:8.0.0.151\(c00\):*:*:*:*:*:*:*

Huawei Technologies Co., Ltd.

>>berkeley-al20>>-

cpe:2.3:h:huawei:berkeley-al20:-:*:*:*:*:*:*:*

Huawei Technologies Co., Ltd.

>>berkeley-bd_firmware>>1.0.0.21

cpe:2.3:o:huawei:berkeley-bd_firmware:1.0.0.21:*:*:*:*:*:*:*

Huawei Technologies Co., Ltd.

>>berkeley-bd_firmware>>1.0.0.22

cpe:2.3:o:huawei:berkeley-bd_firmware:1.0.0.22:*:*:*:*:*:*:*

Huawei Technologies Co., Ltd.

>>berkeley-bd_firmware>>1.0.0.23

cpe:2.3:o:huawei:berkeley-bd_firmware:1.0.0.23:*:*:*:*:*:*:*

Huawei Technologies Co., Ltd.

>>berkeley-bd_firmware>>1.0.0.24

cpe:2.3:o:huawei:berkeley-bd_firmware:1.0.0.24:*:*:*:*:*:*:*

Huawei Technologies Co., Ltd.

>>berkeley-bd_firmware>>1.0.0.26

cpe:2.3:o:huawei:berkeley-bd_firmware:1.0.0.26:*:*:*:*:*:*:*

Huawei Technologies Co., Ltd.

>>berkeley-bd_firmware>>1.0.0.29

cpe:2.3:o:huawei:berkeley-bd_firmware:1.0.0.29:*:*:*:*:*:*:*

Huawei Technologies Co., Ltd.

>>berkeley-bd>>-

cpe:2.3:h:huawei:berkeley-bd:-:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-415	Primary	nvd@nist.gov

References

Hyperlink	Source	Resource
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180418-01-smartphone	psirt@huawei.com	Vendor Advisory