Huawei Frame Buffer Driver Information Leak

  • Published: 18 Jul 2017
  • Type: Information Leak
  • Severity: Medium

Affected Products

Huawei Y6 Pro Dual SIM (TIT-L01C576B115)

Timeline
2017-03-28Issue reported to Huawei.
2017-06-05Huawei confirmed this issue was fixed in version TIT-L01C576B119.

Download the advisory here

Description

Huawei is a company that provides networking and telecommunications equipment.

The MediaTek frame buffer driver, as shipped with Huawei Y6 Pro, implements an IOCTL interface vulnerable to an information leak due to insufficient input validation.

Impact

Local processes running in the context of a system application, media server, or system server can leverage this issue for disclosing kernel memory.

Cause

The MediaTek frame buffer driver fails to validate user-supplied data.

Solution

This vulnerability was resolved by Huawei in version TIT-L01C576B119. More information can be found on the Huawei web page: http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170527-01-smartphone-en

Technical details

Please refer to the attached advisory.