CVE-2017-17313

The inputhub driver of HUAWEI P9 Lite mobile phones with Versions earlier than VNS-L21C02B341, Versions earlier than VNS-L21C22B380, Versions earlier than VNS-L31C02B341, Versions earlier than VNS-L31C440B390, Versions earlier than VNS-L31C636B396 has a buffer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious APP and the APP may sends specific data to the inputhub driver to exploit this vulnerability, successful exploit could cause the system reboot.

CVSS v3 5.5 MEDIUM
CVSS v2.0 7.1 HIGH

5.5^/10

CVSS v3 : MEDIUM

Vector : AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

7.1^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:M/Au:N/C:N/I:N/A:C

Exploitability : 8.6 / Impact : 6.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180418-02-smartphone-en	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:huawei:p9_lite_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:p9_lite:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:huawei:p9_lite_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:p9_lite:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:huawei:p9_lite_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:p9_lite:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:huawei:p9_lite_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:p9_lite:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:huawei:p9_lite_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:p9_lite:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2018-04-19 14:29

Updated : 2023-12-10 12:30

NVD link : CVE-2017-17313

Mitre link : CVE-2017-17313

CVE.ORG link : CVE-2017-17313

JSON object : View

Products Affected

huawei

p9_lite
p9_lite_firmware

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

{"id": "CVE-2017-17313", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.1, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2018-04-19T14:29:00.307", "references": [{"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180418-02-smartphone-en", "tags": ["Vendor Advisory"], "source": "psirt@huawei.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "The inputhub driver of HUAWEI P9 Lite mobile phones with Versions earlier than VNS-L21C02B341, Versions earlier than VNS-L21C22B380, Versions earlier than VNS-L31C02B341, Versions earlier than VNS-L31C440B390, Versions earlier than VNS-L31C636B396 has a buffer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious APP and the APP may sends specific data to the inputhub driver to exploit this vulnerability, successful exploit could cause the system reboot."}, {"lang": "es", "value": "El controlador inputhub de los tel\u00e9fonos m\u00f3viles HUAWEI P9 Lite en versiones anteriores a la VNS-L21C02B341, anteriores a la VNS-L21C22B380, anteriores a la VNS-L31C02B341, anteriores a la VNS-L31C440B390 y anteriores a la VNS-L31C636B396 tiene una vulnerabilidad de desbordamiento de b\u00fafer debido a la falta de validaci\u00f3n de par\u00e1metros. Un atacante enga\u00f1a a un usuario para que instale una aplicaci\u00f3n maliciosa y esta env\u00eda datos concretos al controlador inputhub para explotar esta vulnerabilidad que, si se explota correctamente, podr\u00eda provocar el reinicio del dispositivo."}], "lastModified": "2018-05-22T15:57:57.977", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:p9_lite_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E34C5BE5-CBB5-4249-9E26-0DFEB47A0B94", "versionEndExcluding": "vns-l31c02b341"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:p9_lite:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "866C3F90-FC3B-4A9F-8BAC-83A89077F96E"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:p9_lite_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C7F99B76-4B29-40B2-BB7C-F132D3455E93", "versionEndExcluding": "vns-l21c22b380"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:p9_lite:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "866C3F90-FC3B-4A9F-8BAC-83A89077F96E"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:p9_lite_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E34C5BE5-CBB5-4249-9E26-0DFEB47A0B94", "versionEndExcluding": "vns-l31c02b341"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:p9_lite:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "866C3F90-FC3B-4A9F-8BAC-83A89077F96E"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:p9_lite_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4183378F-ABEA-419A-8271-3583AB4D07C9", "versionEndExcluding": "vns-l31c440b390"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:p9_lite:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "866C3F90-FC3B-4A9F-8BAC-83A89077F96E"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:p9_lite_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6FC2D8E5-7D6D-4A5E-89B9-8DB7DE35DCF6", "versionEndExcluding": "vns-l31c636b396"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:p9_lite:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "866C3F90-FC3B-4A9F-8BAC-83A89077F96E"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@huawei.com"}