Huawei Frame Buffer Driver Arbitrary Memory Write
- Published: 18 Jul 2017
Huawei Frame Buffer Driver Arbitrary Memory Write
Share
Type
- Memory Write
Severity
- High
Affected products
- Huawei Y6 Pro Dual SIM (TIT-L01C576B115)
CVE Reference
- N/A
Timeline
| 2017-03-28 | Issue reported to Huawei. |
| 2017-06-05 | Huawei confirmed this issue was fixed in version TIT-L01C576B119. |
Description
Huawei is a company that provides networking and telecommunications equipment.
The MediaTek frame buffer driver, as shipped with Huawei Y6 Pro, implements an IOCTL interface vulnerable to an arbitrary memory write due to insufficient input validation.
Impact
Local processes running in the context of a system application, media server, or system server can leverage the frame buffer driver memory corruption to escalate their privileges to root or kernel.
Cause
The MediaTek frame buffer driver fails to validate user-supplied data.
Solution
This vulnerability was resolved by Huawei in version TIT-L01C576B119. More information can be found on the Huawei web page: http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170527-01-smartphone-en
Technical details
Please refer to the attached advisory.