Security Advisory - Information Disclosure Vulnerability in the Synaptics Touchscreen Driver
- SA No:huawei-sa-20171020-01-synaptics
- Initial Release Date: 2017-10-20
- Last Release Date: 2017-10-20
An information disclosure vulnerability in the Synaptics touchscreen driver. An attacker tricks a user into installing a malicious application on the smart phone, and it could enable to access data outside of its permission levels. And cause to the sensitive information leaks. (Vulnerability ID: HWPSIRT-2017-08186)
This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2017-0650.
Huawei has released software updates to fix this vulnerability. This advisory is available at the following link:
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171020-01-synaptics-en
|
Product Name |
Affected Version |
Resolved Product and Version |
|
CAM-AL00 |
Earlier than CAM-AL00C00B220 versions |
CAM-AL00C00B220 |
|
FRD-L02 |
Earlier than FRD-L02C432B394 versions |
Upgrade to FRD-L02C432B394 |
|
FRD-L04 |
Earlier than FRD-L04C567B388 versions |
Upgrade to FRD-L04C567B388 |
|
Earlier than FRD-L04C605B131CUSTC605D004 versions |
Upgrade to FRD-L04C605B131CUSTC605D004 |
|
|
FRD-L09 |
Earlier than FRD-L09C432B394 versions |
Upgrade to FRD-L09C432B394 |
|
FRD-L14 |
Earlier than FRD-L14C567B388 versions |
Upgrade to FRD-L14C567B388 |
|
FRD-L19 |
Earlier than FRD-L19C432B398 versions |
Upgrade to FRD-L19C432B398 |
|
NTS-AL00 |
Earlier than NTS-AL00C00B539 versions |
Upgrade to NTS-AL00C00B539 |
|
Victoria-AL00A |
Earlier than Victoria-AL00AC00B167D versions |
Upgrade to Victoria-AL00AC00B167D |
|
Victoria-L29A |
Earlier than Victoria-L29BC636B162 versions |
Upgrade to Victoria-L29BC636B162 |
An attacker can exploit this vulnerability to obtain sensitive information of the user, and cause to the information leaks.
The vulnerability classification has been performed by using the CVSSv3 scoring system (http://www.first.org/cvss/specification-document).
Base Score: 4.7 (AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N)
Temporal Score: 4.4 (E:F/RL:O/RC:C)
This vulnerability can be exploited only when the following conditions are present:
The attacker tricks a user into installing a malicious application on the smart phone.
Vulnerability details:
An information disclosure vulnerability in the Synaptics touchscreen driver. An attacker tricks a user into installing a malicious application on the smart phone, and it could enable to access data outside of its permission levels. And cause to the sensitive information leaks.
The product that supports automatic update will receive a system update prompt. You can install the update to fix the vulnerability.
This vulnerability was disclosed by security researcher on Internet.
2017-10-20 V1.0 INITIAL
None
Huawei adheres to protecting the ultimate interests of users with best efforts and the principle of responsible disclosure and deal with product security issues through our response mechanism.
To enjoy Huawei PSIRT services and obtain Huawei product vulnerability information, please visit http://www.huawei.com/en/psirt.
To report a security vulnerability in Huawei products and solutions, please send it to PSIRT@huawei.com. For details, please visit http://www.huawei.com/en/psirt/report-vulnerabilities.
