HUAWEI JKM-LX1 8.2.0.102 (C185) Release Notes
JKM-LX1 CONFIDENTIAL
Commercial Name: HUAWEI Y9 2019
Total 12 pages
Vx.y
XXX Software Release Notes Vx.y
1 Version Description
Version Type TA
2 New Features
Index Case ID Issue Description
[Third-party software is computer software that is sold together with, or provided for free in, Huawei products or solutions, with the intellectual property rights (IPR) held by the original contributors. Third-party software includes, but is not limited to: purchased software; software that is built in or attached to purchased hardware; software in products of the original equipment manufacturer (OEM) or original design manufacturer (ODM); software that is developed with technical contribution from partners (IPR wholly or partially held by the partners); and software that is legally obtained free of charge.
The data on third-party software vulnerability fixes can be exported from PDM.
If the table is excessively long, you can divide it into multiple tables by product version, or deliver it in an Excel file with the patch release notes and provide reference information in this section.]
Vulnerability information is available through CVE IDs on the NVD (National Vulnerability Database) website:
http://web.nvd.nist.gov/view/vuln/search
needed for exploitation.

Platform 7.0,7.1.1,7.1.2,8.0,8.1,9.0 CVE-2018-9479
In process_service_attr_req and process_service_search_attr_req of sdp_server.cc, there is an out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
The fix is designed to return an error when offset is too large.

Platform 7.0,7.1.1,7.1.2,8.0,8.1,9.0 CVE-2018-9475
In HeadsetInterface::ClccResponse of btif_hf.cc, there is a possible out of bounds stack write due to a missing bounds check. This could lead to remote escalation of privilege via Bluetooth, if the recipient has enabled SIP calls with no additional execution privileges needed. User interaction is not needed for exploitation.
The fix is designed to appropriately limit data written to arrays.

Platform 8.0,8.1,9.0 CVE-2018-9411
In decrypt of ClearKeyCasPlugin.cpp there is a possible out-of-bounds write due to a missing bounds check. This could lead to remote arbitrary code execution with no additional execution privileges needed. User interaction is needed for exploitation.
The fix is designed to avoid the out-of-bounds write.

Platform 7.0,7.1.1,7.1.2,8.0,8.1,9.0 CVE-2018-9484
In l2cu_send_peer_config_rej of l2c_utils.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
The fix is designed to add a bounds check.

Platform 7.0,7.1.1,7.1.2,8.0,8.1 CVE-2018-9472
In xmlMemStrdupLoc of xmlmemory.c, there is a possible out-of-bounds write due to an integer overflow. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is needed for exploitation.
The fix is designed to update libxml2 to 2.9.8.

Platform 7.0,7.1.1,7.1.2,8.0,8.1,9.0 CVE-2018-9485
In l2cble_process_sig_cmd of l2c_ble.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges
The fix is designed to add bounds checks.