A vulnerability, which was classified as problematic, was found in Huawei Honor 5A, Honor 8 Lite, Mate 9, Mate 9 Pro, P10 and P10 Plus (Smartphone Operating System). Affected is an unknown code block. The manipulation as part of a Application leads to a resource management vulnerability. CWE is classifying the issue as CWE-399. This is going to have an impact on availability. CVE summarizes:

Honor 5A,Honor 8 Lite,Mate9,Mate9 Pro,P10,P10 Plus Huawei smartphones with software the versions before CAM-L03C605B143CUSTC605D003,the versions before Prague-L03C605B161,the versions before Prague-L23C605B160,the versions before MHA-AL00C00B225,the versions before LON-AL00C00B225,the versions before VTR-AL00C00B167,the versions before VTR-TL00C01B167,the versions before VKY-AL00C00B167,the versions before VKY-TL00C01B167 have a resource exhaustion vulnerability due to configure setting. An attacker tricks a user into installing a malicious application, the application may turn on the device flash-light and rapidly drain the device battery.

The bug was discovered 07/25/2017. The weakness was shared 11/22/2017 (Website). The advisory is shared for download at huawei.com. This vulnerability is traded as CVE-2017-8144 since 04/25/2017. It is possible to launch the attack remotely. The exploitation doesn't require any form of authentication. Successful exploitation requires user interaction by the victim. There are neither technical details nor an exploit publicly available.

The vulnerability was handled as a non-public zero-day exploit for at least 120 days. During that time the estimated underground price was around $5k-$25k.

Upgrading eliminates this vulnerability.

Productinfo

Type

• Smartphone Operating System

Vendor

• Huawei

Name

• Honor 5A
• Honor 8 Lite
• Mate 9
• Mate 9 Pro
• P10
• P10 Plus

License

• commercial

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion