Security Advisory - DoS Vulnerability in Some Huawei Smart Phones

  • SA No: huawei-sa-20171129-01-smartphone
  • Initial Release Date: 2017-11-29
  • Last Release Date: 2017-11-29

There is a denial of service (DoS) vulnerability in some Huawei smart phones. An attacker can trick a user into installing a malicious application to exploit this vulnerability. Successful exploitation can make the camera application unusable. (Vulnerability ID: HWPSIRT-2017-09006)

This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2017-8164. 

Huawei has released software updates to fix this vulnerability. This advisory is available at the following link:

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171129-01-smartphone-en

| Product Name | Affected Version | Resolved Product and Version |
|---|---|---|
| EVA-AL10 | EVA-AL10C00B198 | EVA-AL10C00B397 |
| EVA-CL00 | EVA-CL00C92B198 | EVA-CL00C92B397 |
| EVA-DL00 | EVA-DL00C17B198 | EVA-DL00C17B397 |
| EVA-L09 | EVA-L09C02B143 | EVA-L09C02B350 |
| EVA-L09 | EVA-L09C09B150 | EVA-L09C09B362 |
| EVA-L09 | EVA-L09C109B196 | EVA-L09C109B365 |
| EVA-L09 | EVA-L09C113B150 | EVA-L09C113B372 |
| EVA-L09 | EVA-L09C150B192 | EVA-L09C150B371 |
| EVA-L09 | EVA-L09C178B161 | EVA-L09C178B384 |
| EVA-L09 | EVA-L09C185B180 | EVA-L09C185B391 |
| EVA-L09 | EVA-L09C22B140 | EVA-L09C22B380 |
| EVA-L09 | EVA-L09C25B133 | EVA-L09C25B324CUSTC25D003 |
| EVA-L09 | EVA-L09C33B191 | EVA-L09C33B363 |
| EVA-L09 | EVA-L09C34B142 | EVA-L09C34B380 |
| EVA-L09 | EVA-L09C40B196 | EVA-L09C40B364 |
| EVA-L09 | EVA-L09C432B210 | EVA-L09C432B393 |
| EVA-L09 | EVA-L09C440B138 | EVA-L09C440B382 |
| EVA-L09 | EVA-L09C464B150 | EVA-L09C464B383 |
| EVA-L09 | EVA-L09C530B127 | EVA-L09C530B384 |
| EVA-L09 | EVA-L09C55B190 | EVA-L09C55B373 |
| EVA-L09 | EVA-L09C576B150 | EVA-L09C576B386 |
| EVA-L09 | EVA-L09C635B221 | EVA-L09C635B389 |
| EVA-L09 | EVA-L09C636B193 | EVA-L09C636B388 |
| EVA-L09 | EVA-L09C675B130 | EVA-L09C675B320CUSTC675D004 |
| EVA-L09 | EVA-L09C688B143 | EVA-L09C688B383 |
| EVA-L09 | EVA-L09C703B160 | EVA-L09C703B381 |
| EVA-L09 | EVA-L09C706B145 | EVA-L09C706B381 |
| EVA-L09 | EVA-L09GBRC555B171 | EVA-L09GBRC555B383 |
| EVA-L09 | EVA-L09IRLC368B160 | EVA-L09IRLC368B370 |
| EVA-L19 | EVA-L19C10B190 | EVA-L19C10B391 |
| EVA-L19 | EVA-L19C185B220 | EVA-L19C185B390 |
| EVA-L19 | EVA-L19C20B160 | EVA-L19C20B386 |
| EVA-L19 | EVA-L19C432B210 | EVA-L19C432B390 |
| EVA-L19 | EVA-L19C636B190 | EVA-L19C636B392 |
| EVA-L29 | EVA-L29C20B160 | EVA-L29C20B386 |
| EVA-L29 | EVA-L29C636B191 | EVA-L29C636B389 |
| EVA-TL00 | EVA-TL00C01B198 | EVA-TL00C01B397 |
| VIE-L09 | VIE-L09C02B131 | VIE-L09C02B334 |
| VIE-L09 | VIE-L09C109B181 | VIE-L09C109B340 |
| VIE-L09 | VIE-L09C113B170 | VIE-L09C113B371 |
| VIE-L09 | VIE-L09C150B170 | VIE-L09C150B373 |
| VIE-L09 | VIE-L09C25B120 | VIE-L09C25B320CUSTC25D004 |
| VIE-L09 | VIE-L09C40B181 | VIE-L09C40B360 |
| VIE-L09 | VIE-L09C432B181 | VIE-L09C432B377 |
| VIE-L09 | VIE-L09C55B170 | VIE-L09C55B371 |
| VIE-L09 | VIE-L09C605B131 | VIE-L09C605B371 |
| VIE-L09 | VIE-L09ITAC555B130 | VIE-L09ITAC555B371 |
| VIE-L29 | VIE-L29C10B170 | VIE-L29C10B382 |
| VIE-L29 | VIE-L29C185B181 | VIE-L29C185B384 |
| VIE-L29 | VIE-L29C605B131 | VIE-L29C605B370 |
| VIE-L29 | VIE-L29C636B202 | VIE-L29C636B386 |


By exploiting this vulnerability, an attacker can make the camera application unusable.

The vulnerability classification has been performed by using the CVSSv3 scoring system (http://www.first.org/cvss/specification-document).

Base Score: 3.3 (AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

Temporal Score: 3.1 (E:F/RL:O/RC:C)

This vulnerability can be exploited only when the following conditions are present:

The attacker has successfully tricked a user into installing the malicious application.

Vulnerability details:

There is a denial of service (DoS) vulnerability in some Huawei smart phones. An attacker can trick a user into installing a malicious application to exploit this vulnerability. Successful exploitation can make the camera application unusable.

Products that support automatic updates will receive a system update prompt. You can install the update to fix the vulnerability.

This vulnerability was disclosed by Professor Zhiyun Qian from the University of California, Riverside. Huawei would like to thank Professor Zhiyun Qian for working with us on coordinated vulnerability disclosure to protect our customers.

2017-11-29 V1.0 INITIAL

Huawei adheres to protecting the ultimate interests of users with best efforts and to the principle of responsible disclosure, and deals with product security issues through our response mechanism.

To enjoy Huawei PSIRT services and obtain Huawei product vulnerability information, please visit http://www.huawei.com/en/psirt.

To report a security vulnerability in Huawei products and solutions, please send it to PSIRT@huawei.com. For details, please visit http://www.huawei.com/en/psirt/report-vulnerabilities.

This document is provided on an "AS IS" basis and does not imply any kind of guarantee or warranty, either express or implied, including the warranties of merchantability or fitness for a particular purpose. In no event shall Huawei or any of its directly or indirectly controlled subsidiaries or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages. Your use of the document, by whatsoever means, will be totally at your own risk. Huawei is entitled to amend or update this document from time to time.