Huawei smart phones Emily-L29C with versions of 8.1.0.132a(C432), 8.1.0.135(C782), 8.1.0.154(C10), 8.1.0.154(C461), 8.1.0.154(C635), 8.1.0.156(C185), 8.1.0.156(C605), 8.1.0.159(C636) have a double free vulnerability. An attacker can trick a user to click a URL to exploit this vulnerability. Successful exploitation may cause the affected phone abnormal.
Weakness
The product calls free() twice on the same memory address.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Emily-l29c_firmware | Huawei | 8.1.0.132a(c432) (including) | 8.1.0.132a(c432) (including) |
| Emily-l29c_firmware | Huawei | 8.1.0.135(c782) (including) | 8.1.0.135(c782) (including) |
| Emily-l29c_firmware | Huawei | 8.1.0.154(c10) (including) | 8.1.0.154(c10) (including) |
| Emily-l29c_firmware | Huawei | 8.1.0.154(c461) (including) | 8.1.0.154(c461) (including) |
| Emily-l29c_firmware | Huawei | 8.1.0.154(c635) (including) | 8.1.0.154(c635) (including) |
| Emily-l29c_firmware | Huawei | 8.1.0.156(c185) (including) | 8.1.0.156(c185) (including) |
| Emily-l29c_firmware | Huawei | 8.1.0.156(c605) (including) | 8.1.0.156(c605) (including) |
| Emily-l29c_firmware | Huawei | 8.1.0.159(c636) (including) | 8.1.0.159(c636) (including) |