MediaTek Log Filtering Driver Information Disclosure

CVE-2017-17140

Type

  • Information Disclosure

Severity

  • Low

Affected products

  • Huawei Y6 Pro Dualsim

CVE Reference

  • CVE-2017-17140

Timeline
2017-08-22: Issue reported to Huawei.
2017-12-15: Huawei confirmed this issue was fixed in version TIT-L01C576B121.
2018-04-13: Advisory published by MWR.

Description

Huawei is a company that provides networking and telecommunications equipment. The MediaTek log filtering driver (‘xLog’), as shipped with the Huawei Y6 Pro, implements an mmap interface that is vulnerable to information disclosure due to insufficient input validation.

Impact

Exploitation of this issue could allow any user to disclose sensitive information (kernel memory), which could then be used to develop further attacks.

Cause

The MediaTek log filtering driver fails to validate user-supplied input.

Solution

This vulnerability was resolved by Huawei in version TIT-L01C576B121. More information can be found on the Huawei web page: http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171213-02-smartphone-en

Technical details

Please refer to the attached advisory.