MediaTek Log Filtering Driver Information Disclosure

Product: Huawei Y6 Pro Dualsim
Severity: Low
CVE Reference: CVE-2017-17140
Type: Information Disclosure

Description

Huawei is a company that provides networking and telecommunications equipment.
The MediaTek log filtering driver (‘xLog’), as shipped with the Huawei Y6 Pro, implements an mmap interface that is vulnerable to an information disclosure due to insufficient input validation.

Impact

Exploitation of this issue could allow any user to disclose sensitive information (kernel memory), which could then be used to develop further attacks.

Cause

The MediaTek log filtering driver fails to validate user-supplied input.

Solution

This vulnerability was resolved by Huawei in version TIT-L01C576B121. More information can be found on the Huawei web page: http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171213-02-smartphone-en

Technical details

Please refer to the attached advisory.

Disclosure Timeline

Date          Summary
2017-08-22    Issue reported to Huawei.
2017-12-15    Huawei confirmed this issue was fixed in version TIT-L01C576B121.
2018-04-13    Advisory published by MWR.