VYPR
← All advisories
Unrated severityNVD Advisory· Published Jul 31, 2018· Updated Aug 5, 2024

CVE-2018-7993

CVE-2018-7993

Description

HUAWEI Mate 10 smartphones with versions earlier than ALP-AL00 8.1.0.311 have a use after free vulnerability on mediaserver component. An attacker tricks the user install a malicious application, which make the software to reference memory after it has been freed. Successful exploit could cause execution of arbitrary code.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A use-after-free in Huawei Mate 10's mediaserver allows an attacker to execute arbitrary code by tricking a user into installing a malicious app.

Vulnerability

The mediaserver component in HUAWEI Mate 10 smartphones running versions earlier than ALP-AL00 8.1.0.311 contains a use-after-free vulnerability [1]. The software references memory after it has been freed, leading to a memory corruption condition [1].

Exploitation

An attacker must trick the user into installing a malicious application [1]. The app triggers the use-after-free by sending crafted data to the mediaserver component, causing the software to access freed memory [1]. No additional privileges or network access are required beyond the malicious app running on the device.

Impact

Successful exploitation allows the attacker to execute arbitrary code within the context of the mediaserver process [1]. This can lead to information disclosure, denial of service, or full compromise of the affected device, depending on the payload.

Mitigation

Huawei has released a software update that resolves the vulnerability. Users should upgrade their HUAWEI Mate 10 to version ALP-AL00 8.1.0.311 or later [1]. No workarounds are provided. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities (KEV) catalog as of the advisory date.

References
  1. Security Advisory - Use After Free Vulnerability on Smartphone

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • Huawei/Mate 10llm-fuzzy
    Range: < ALP-AL00 8.1.0.311
  • Huawei Technologies Co., Ltd./HUAWEI Mate 10v5
    Range: Versions earlier than ALP-AL00 8.1.0.311

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

1

News mentions

0

No linked articles in our index yet.