Huawei P2 “hx170dec” Privilege Escalation Vulnerability

CVE-2014-2273

Type

Local Root Privilege Escalation on Huawei P2

Severity

High

Affected products

Hx170dec device

Date

2014-11-05

CVE Reference

CVE-2014-2273

MWR have discovered a vulnerability in one of the kernel drivers shipped with the Huawei P2 mobile phone. This vulnerability allows any application on the phone to gain root privileges by making a specially crafted request to a block device that is accessible to any user.

The advisory can be downloaded here.