The Flp Driver in some Huawei smartphones of the software Vicky-AL00AC00B124D, Vicky-AL00AC00B157D, Vicky-AL00AC00B167 has a double free vulnerability. An attacker can trick a user to install a malicious application which has a high privilege to exploit this vulnerability. Successful exploitation may cause denial of service (DoS) attack.
The product calls free() twice on the same memory address.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Vicky-al00a_firmware | Huawei | vicky-al00ac00b124d (including) | vicky-al00ac00b124d (including) |
Vicky-al00a_firmware | Huawei | vicky-al00ac00b157d (including) | vicky-al00ac00b157d (including) |
Vicky-al00a_firmware | Huawei | vicky-al00ac00b167 (including) | vicky-al00ac00b167 (including) |