CVE-2017-8158

medium

Published 2017-11-22 · Modified 2026-05-13

CVSS v3

6.5

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

CVSS v2

4.9

VIR risk

6.5

Description

FusionCompute V100R005C00 and V100R005C10 have an improper authorization vulnerability due to improper permission settings for a certain file on the host machine. An authenticated attacker could create a large number of virtual machine (VM) processes to exhaust system resources. Successful exploit could make new VMs unavailable.

Predictions

Exploit likelihood

65%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: psirt@huawei.com — http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170927-01-dos-en

Application impact

Vendor	Product	Versions	Fixed
huawei	fusioncompute	`v100r005c00`
huawei	fusioncompute	`v100r005c10`

References

http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170927-01-dos-en
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170927-01-dos-en

CWEs

CWE-732

Verify integrity in audit chain (admin only). AS-IS.