Sign-up

ID

VAR-201604-0457


CVE

CVE-2016-1496


TITLE

Huawei P8 Service disruption in graphic drivers for smartphone software (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2016-002068

DESCRIPTION

The graphics driver in Huawei P8 smartphones with software GRA-TL00 before GRA-TL00C01B230, GRA-CL00 before GRA-CL00C92B230, GRA-CL10 before GRA-CL10C92B230, GRA-UL00 before GRA-UL00C00B230, and GRA-UL10 before GRA-UL10C00B230 allows attackers to cause a denial of service (system crash) via a crafted application, aka a "semaphore deadlock issue.". Huawei P8 Smart Phone is prone to a local denial-of-service vulnerability. A local attacker can exploit this issue to cause a denial-of-service condition. The following Huawei P8 versions are affected: GRA-TL00C01B220 and earlier versions are affected GRA-CL00C92B220 and earlier versions are affected GRA-CL10C92B220 and earlier versions are affected GRA-UL00C00B220 and earlier versions are affected GRA-UL10C00B220 and earlier versions are affected. Huawei P8 is a smartphone product of the Chinese company Huawei (Huawei). graphics driver is one of the graphics driver components. A security vulnerability exists in the graphics driver component of the Huawei P8

Trust: 1.98

sources: NVD: CVE-2016-1496 // JVNDB: JVNDB-2016-002068 // BID: 86704 // VULHUB: VHN-90315

AFFECTED PRODUCTS

vendor:huaweimodel:p8scope:eqversion:gra-ul10c00b220

Trust: 1.0

vendor:huaweimodel:p8scope:eqversion:gra-tl00c01b220

Trust: 1.0

vendor:huaweimodel:p8scope:eqversion:gra-ul00c00b220

Trust: 1.0

vendor:huaweimodel:p8scope:eqversion:gra-cl10c92b220

Trust: 1.0

vendor:huaweimodel:p8scope:eqversion:gra-cl00c92b220

Trust: 1.0

vendor:huaweimodel:p8scope:eqversion:gra-ul10c00b230

Trust: 0.8

vendor:huaweimodel:p8scope:eqversion:gra-tl00c01b230

Trust: 0.8

vendor:huaweimodel:p8scope:ltversion:gra-cl10

Trust: 0.8

vendor:huaweimodel:p8scope: - version: -

Trust: 0.8

vendor:huaweimodel:p8scope:eqversion:gra-cl00c92b230

Trust: 0.8

vendor:huaweimodel:p8scope:ltversion:gra-ul10

Trust: 0.8

vendor:huaweimodel:p8scope:ltversion:gra-ul00

Trust: 0.8

vendor:huaweimodel:p8scope:ltversion:gra-cl00

Trust: 0.8

vendor:huaweimodel:p8scope:eqversion:gra-ul00c00b230

Trust: 0.8

vendor:huaweimodel:p8scope:ltversion:gra-tl00

Trust: 0.8

vendor:huaweimodel:p8scope:eqversion:gra-cl10c92b230

Trust: 0.8

vendor:huaweimodel:p8scope:eqversion: -

Trust: 0.6

sources: JVNDB: JVNDB-2016-002068 // CNNVD: CNNVD-201604-270 // NVD: CVE-2016-1496

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-1496
value: MEDIUM

Trust: 1.0

NVD: CVE-2016-1496
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201604-270
value: HIGH

Trust: 0.6

VULHUB: VHN-90315
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2016-1496
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-90315
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-1496
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-90315 // JVNDB: JVNDB-2016-002068 // CNNVD: CNNVD-201604-270 // NVD: CVE-2016-1496

PROBLEMTYPE DATA

problemtype:CWE-399

Trust: 1.9

sources: VULHUB: VHN-90315 // JVNDB: JVNDB-2016-002068 // NVD: CVE-2016-1496

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201604-270

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201604-270

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-002068

PATCH
title:Huawei-SA-20160113-01-SmartPhoneurl:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160113-01-smartphone-en
Trust: 0.8
title:Huawei P8 Fixes for the graphics driver component denial of service vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=60937
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2016-002068 // 
            
            
            
            CNNVD: CNNVD-201604-270

EXTERNAL IDS
db:NVDid:CVE-2016-1496
Trust: 2.8
db:JVNDBid:JVNDB-2016-002068
Trust: 0.8
db:CNNVDid:CNNVD-201604-270
Trust: 0.6
db:BIDid:86704
Trust: 0.3
db:VULHUBid:VHN-90315
Trust: 0.1
sources:
            
            
            VULHUB: VHN-90315 // 
            
            
            
            BID: 86704 // 
            
            
            
            JVNDB: JVNDB-2016-002068 // 
            
            
            
            CNNVD: CNNVD-201604-270 // 
            
            
            
            NVD: CVE-2016-1496

REFERENCES
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160113-01-smartphone-en
Trust: 2.0
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1496
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1496
Trust: 0.8
url:http://www.huawei.com
Trust: 0.3
sources:
            
            
            VULHUB: VHN-90315 // 
            
            
            
            BID: 86704 // 
            
            
            
            JVNDB: JVNDB-2016-002068 // 
            
            
            
            CNNVD: CNNVD-201604-270 // 
            
            
            
            NVD: CVE-2016-1496

CREDITS
Zhao Jianqiang from Lab 0x031E of Qihoo 360 Technology Co. Ltd.
Trust: 0.3
sources:
            
            
            BID: 86704

SOURCES
db:VULHUBid:VHN-90315
db:BIDid:86704
db:JVNDBid:JVNDB-2016-002068
db:CNNVDid:CNNVD-201604-270
db:NVDid:CVE-2016-1496

LAST UPDATE DATE
2024-11-23T22:01:32.901000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-90315date:2016-04-14T00:00:00
db:BIDid:86704date:2016-07-06T14:31:00
db:JVNDBid:JVNDB-2016-002068date:2016-04-18T00:00:00
db:CNNVDid:CNNVD-201604-270date:2016-04-14T00:00:00
db:NVDid:CVE-2016-1496date:2024-11-21T02:46:33.393

SOURCES RELEASE DATE
db:VULHUBid:VHN-90315date:2016-04-13T00:00:00
db:BIDid:86704date:2016-04-20T00:00:00
db:JVNDBid:JVNDB-2016-002068date:2016-04-18T00:00:00
db:CNNVDid:CNNVD-201604-270date:2016-04-14T00:00:00
db:NVDid:CVE-2016-1496date:2016-04-13T14:59:06.937