A vulnerability was found in Huawei P9 (Smartphone Operating System) (affected version not known). It has been declared as problematic. This vulnerability affects some unknown functionality of the component Audio Driver. The manipulation as part of a Application leads to a race condition vulnerability. The CWE definition for the vulnerability is CWE-362. The product contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently. As an impact it is known to affect availability. CVE summarizes:

Audio driver in P9 smartphones with software The versions before EVA-AL10C00B389 has a denial of service (DoS) vulnerability. An attacker tricks a user into installing a malicious application on the smart phone, and the race condition cause null pointer accessing during the application access shared resource, which make the system reboot.

The bug was discovered 08/02/2017. The weakness was presented 11/22/2017 (Website). The advisory is shared for download at huawei.com. This vulnerability was named CVE-2017-8148 since 04/25/2017. The exploitation appears to be difficult. The attack can be initiated remotely. No form of authentication is required for a successful exploitation. Successful exploitation requires user interaction by the victim. There are neither technical details nor an exploit publicly available.

The vulnerability was handled as a non-public zero-day exploit for at least 112 days. During that time the estimated underground price was around $0-$5k.

Upgrading eliminates this vulnerability.

Productinfo

Type

• Smartphone Operating System

Vendor

• Huawei

Name

• P9

License

• commercial

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion