Details of VAR-201609-0181

ID

VAR-201609-0181

CVE

CVE-2016-8279

TITLE

plural Huawei Service disruption in video drivers for smartphone software (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2016-005046

DESCRIPTION

The video driver in Huawei Mate S smartphones with software CRR-TL00 before CRR-TL00C01B362, CRR-UL20 before CRR-UL20C00B362, CRR-CL00 before CRR-CL00C92B362, and CRR-CL20 before CRR-CL20C92B362; P8 smartphones with software GRA-TL00 before GRA-TL00C01B366, GRA-UL00 before GRA-UL00C00B366, GRA-UL10 before GRA-UL10C00B366, and GRA-CL00 before GRA-CL00C92B366; and Honor 6 and Honor 6 Plus smartphones with software before 6.9.16 allows attackers to cause a denial of service (device reboot) via a crafted application. Supplementary information : CWE Vulnerability type by CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. http://cwe.mitre.org/data/definitions/284.htmlDenial of service operations through a specially crafted application by an attacker ( Reboot device ) There is a possibility of being put into a state. HuaweiMateS is a smartphone product of China Huawei. Video drivers in various Huawei smartphones have security vulnerabilities that allow remote attackers to exploit vulnerabilities to pass specific parameters to mobile phones through malicious applications for denial of service attacks. Huawei Smart Phone is prone to a local denial-of-service vulnerability. A local attacker can exploit this issue to cause a denial-of-service condition. The following products are vulnerable: Versions of Mate S and P8 before CRR-TL00C01B362 are affected. Versions of Hono6 and Honor6 Plus prior to 6.9.16 are affected

Trust: 2.52

sources: NVD: CVE-2016-8279 // JVNDB: JVNDB-2016-005046 // CNVD: CNVD-2016-08186 // BID: 93096 // VULHUB: VHN-97099

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2016-08186

AFFECTED PRODUCTS

vendor:	huawei	model:	mate s	scope:	eq	version:	crr-ul20	Trust: 1.6
vendor:	huawei	model:	mate s	scope:	eq	version:	crr-tl00	Trust: 1.6
vendor:	huawei	model:	p8	scope:	eq	version:	gra-tl00	Trust: 1.6
vendor:	huawei	model:	p8	scope:	eq	version:	gra-ul10	Trust: 1.6
vendor:	huawei	model:	p8	scope:	eq	version:	gra-cl00	Trust: 1.6
vendor:	huawei	model:	mate s	scope:	eq	version:	crr-cl00	Trust: 1.6
vendor:	huawei	model:	mate s	scope:	eq	version:	crr-cl20	Trust: 1.6
vendor:	huawei	model:	p8	scope:	eq	version:	gra-ul00	Trust: 1.6
vendor:	huawei	model:	honor6	scope:	lte	version:	6.9	Trust: 1.0
vendor:	huawei	model:	mate s	scope:	eq	version:	crr-tl00c01b362	Trust: 0.8
vendor:	huawei	model:	honor 6 plus	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	p8	scope:	lt	version:	gra-cl00	Trust: 0.8
vendor:	huawei	model:	mate s	scope:	lt	version:	crr-cl20	Trust: 0.8
vendor:	huawei	model:	p8	scope:	eq	version:	gra-cl00c92b366	Trust: 0.8
vendor:	huawei	model:	mate s	scope:	lt	version:	crr-cl00	Trust: 0.8
vendor:	huawei	model:	honor 6	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	p8	scope:	lt	version:	gra-tl00	Trust: 0.8
vendor:	huawei	model:	mate s	scope:	eq	version:	crr-cl20c92b362	Trust: 0.8
vendor:	huawei	model:	mate s	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	p8	scope:	lt	version:	gra-ul00	Trust: 0.8
vendor:	huawei	model:	mate s	scope:	lt	version:	crr-tl00	Trust: 0.8
vendor:	huawei	model:	p8	scope:	eq	version:	gra-ul00c00b366	Trust: 0.8
vendor:	huawei	model:	p8	scope:	eq	version:	gra-tl00c01b366	Trust: 0.8
vendor:	huawei	model:	mate s	scope:	eq	version:	crr-ul20c00b362	Trust: 0.8
vendor:	huawei	model:	mate s	scope:	eq	version:	crr-cl00c92b362	Trust: 0.8
vendor:	huawei	model:	p8	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	p8	scope:	lt	version:	gra-ul10	Trust: 0.8
vendor:	huawei	model:	mate s	scope:	lt	version:	crr-ul20	Trust: 0.8
vendor:	huawei	model:	p8	scope:	eq	version:	gra-ul10c00b366	Trust: 0.8
vendor:	huawei	model:	mate s <crr-tl00c01b362	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	mate s <crr-ul20c00b362	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	mate s <crr-cl00c92b362	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	mate s <crr-cl20c92b362	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	p8 <gra-tl00c01b366	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	p8 <gra-ul00c00b366	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	p8 <gra-ul10c00b366	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	p8 <gra-cl00c92b366	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	glory	scope:	eq	version:	6<6.9.16	Trust: 0.6
vendor:	huawei	model:	glory plus	scope:	eq	version:	6<6.9.16	Trust: 0.6
vendor:	huawei	model:	honor6	scope:	eq	version:	6.9	Trust: 0.6
vendor:	huawei	model:	p8 gra-ul10c00b230	scope:	-	version:	-	Trust: 0.3
vendor:	huawei	model:	p8 gra-ul10c00b220	scope:	-	version:	-	Trust: 0.3
vendor:	huawei	model:	p8 gra-ul00c00b350	scope:	-	version:	-	Trust: 0.3
vendor:	huawei	model:	p8 gra-ul00c00b230	scope:	-	version:	-	Trust: 0.3
vendor:	huawei	model:	p8 gra-ul00c00b220	scope:	-	version:	-	Trust: 0.3
vendor:	huawei	model:	p8 gra-ul00c00b182	scope:	-	version:	-	Trust: 0.3
vendor:	huawei	model:	p8 gra-tl00c01b350	scope:	-	version:	-	Trust: 0.3
vendor:	huawei	model:	p8 gra-tl00c01b230	scope:	-	version:	-	Trust: 0.3
vendor:	huawei	model:	p8 gra-tl00c01b220sp01	scope:	-	version:	-	Trust: 0.3
vendor:	huawei	model:	p8 gra-tl00c01b220	scope:	-	version:	-	Trust: 0.3
vendor:	huawei	model:	p8 gra-tl00c01b182	scope:	-	version:	-	Trust: 0.3
vendor:	huawei	model:	p8 gra-cl10c92b350	scope:	-	version:	-	Trust: 0.3
vendor:	huawei	model:	p8 gra-cl10c92b230	scope:	-	version:	-	Trust: 0.3
vendor:	huawei	model:	p8 gra-cl10c92b220	scope:	-	version:	-	Trust: 0.3
vendor:	huawei	model:	p8 gra-cl00c92b363	scope:	-	version:	-	Trust: 0.3
vendor:	huawei	model:	p8 gra-cl00c92b350	scope:	-	version:	-	Trust: 0.3
vendor:	huawei	model:	p8 gra-cl00c92b230	scope:	-	version:	-	Trust: 0.3
vendor:	huawei	model:	p8 gra-cl00c92b220	scope:	-	version:	-	Trust: 0.3
vendor:	huawei	model:	p8 gra-cl00c92b182	scope:	-	version:	-	Trust: 0.3
vendor:	huawei	model:	mate s crr-ul00c00b160	scope:	-	version:	-	Trust: 0.3
vendor:	huawei	model:	mate s crr-ul00c00b153	scope:	-	version:	-	Trust: 0.3
vendor:	huawei	model:	mate s crr-tl00c01b160sp01	scope:	-	version:	-	Trust: 0.3
vendor:	huawei	model:	mate s crr-tl00c01b153sp01	scope:	-	version:	-	Trust: 0.3
vendor:	huawei	model:	mate s crr-cl00c92b161	scope:	-	version:	-	Trust: 0.3
vendor:	huawei	model:	mate s crr-cl00c92b153	scope:	-	version:	-	Trust: 0.3
vendor:	huawei	model:	honor6 plus	scope:	eq	version:	0	Trust: 0.3
vendor:	huawei	model:	honor6 h60-l21c00b850	scope:	-	version:	-	Trust: 0.3
vendor:	huawei	model:	honor6 h60-l12c00b850	scope:	-	version:	-	Trust: 0.3
vendor:	huawei	model:	honor6 h60-l11c00b850	scope:	-	version:	-	Trust: 0.3
vendor:	huawei	model:	honor6 h60-l03c01b850	scope:	-	version:	-	Trust: 0.3
vendor:	huawei	model:	honor6 h60-l02c00b850	scope:	-	version:	-	Trust: 0.3
vendor:	huawei	model:	honor6 h60-l01c00b850	scope:	-	version:	-	Trust: 0.3
vendor:	huawei	model:	p8 crr-tl00c01b362	scope:	ne	version:	-	Trust: 0.3
vendor:	huawei	model:	mate s crr-tl00c01b362	scope:	ne	version:	-	Trust: 0.3
vendor:	huawei	model:	honor6 plus	scope:	ne	version:	6.9.16	Trust: 0.3
vendor:	huawei	model:	honor6	scope:	ne	version:	6.9.16	Trust: 0.3

sources: CNVD: CNVD-2016-08186 // BID: 93096 // JVNDB: JVNDB-2016-005046 // CNNVD: CNNVD-201609-500 // NVD: CVE-2016-8279

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-8279
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2016-8279
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2016-08186
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201609-500
value:	HIGH
Trust: 0.6
VULHUB:	VHN-97099
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2016-8279
severity:	HIGH
baseScore:	7.1
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2016-08186
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:L/AC:H/AU:N/C:N/I:N/A:C
accessVector:	LOCAL
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	1.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-97099
severity:	HIGH
baseScore:	7.1
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-8279
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2016-08186 // VULHUB: VHN-97099 // JVNDB: JVNDB-2016-005046 // CNNVD: CNNVD-201609-500 // NVD: CVE-2016-8279

PROBLEMTYPE DATA

problemtype:	CWE-284	Trust: 1.1
problemtype:	CWE-Other	Trust: 0.8

sources: VULHUB: VHN-97099 // JVNDB: JVNDB-2016-005046 // NVD: CVE-2016-8279

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201609-500

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201609-500

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-005046

PATCH

title:	huawei-sa-20160921-01-smartphone	url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160921-01-smartphone-en	Trust: 0.8
title:	Patches for multiple Huawei smartphone denial of service vulnerabilities	url:	https://www.cnvd.org.cn/patchInfo/show/81804	Trust: 0.6
title:	Multiple Huawei Fixes for smartphone video driver denial of service vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=64237	Trust: 0.6

sources: CNVD: CNVD-2016-08186 // JVNDB: JVNDB-2016-005046 // CNNVD: CNNVD-201609-500

EXTERNAL IDS

db:	NVD	id:	CVE-2016-8279	Trust: 3.4
db:	BID	id:	93096	Trust: 2.0
db:	JVNDB	id:	JVNDB-2016-005046	Trust: 0.8
db:	CNNVD	id:	CNNVD-201609-500	Trust: 0.7
db:	CNVD	id:	CNVD-2016-08186	Trust: 0.6
db:	VULHUB	id:	VHN-97099	Trust: 0.1

sources: CNVD: CNVD-2016-08186 // VULHUB: VHN-97099 // BID: 93096 // JVNDB: JVNDB-2016-005046 // CNNVD: CNNVD-201609-500 // NVD: CVE-2016-8279

REFERENCES

url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160921-01-smartphone-en	Trust: 2.0
url:	http://www.securityfocus.com/bid/93096	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8279	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-8279	Trust: 0.8
url:	http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20160921-01-smartphone-cn	Trust: 0.6
url:	http://www.huawei.com	Trust: 0.3

sources: CNVD: CNVD-2016-08186 // VULHUB: VHN-97099 // BID: 93096 // JVNDB: JVNDB-2016-005046 // CNNVD: CNNVD-201609-500 // NVD: CVE-2016-8279

CREDITS

Wang Qize, Zhu Bin of VPP Security Team and PanYu of 360 Vulpecker Team.

Trust: 0.9

sources: BID: 93096 // CNNVD: CNNVD-201609-500

SOURCES

db:	CNVD	id:	CNVD-2016-08186
db:	VULHUB	id:	VHN-97099
db:	BID	id:	93096
db:	JVNDB	id:	JVNDB-2016-005046
db:	CNNVD	id:	CNNVD-201609-500
db:	NVD	id:	CVE-2016-8279

LAST UPDATE DATE

2024-11-23T21:54:28.073000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2016-08186	date:	2016-09-27T00:00:00
db:	VULHUB	id:	VHN-97099	date:	2016-12-02T00:00:00
db:	BID	id:	93096	date:	2016-09-23T00:00:00
db:	JVNDB	id:	JVNDB-2016-005046	date:	2016-10-04T00:00:00
db:	CNNVD	id:	CNNVD-201609-500	date:	2016-09-27T00:00:00
db:	NVD	id:	CVE-2016-8279	date:	2024-11-21T02:59:04.100

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2016-08186	date:	2016-09-27T00:00:00
db:	VULHUB	id:	VHN-97099	date:	2016-09-26T00:00:00
db:	BID	id:	93096	date:	2016-09-21T00:00:00
db:	JVNDB	id:	JVNDB-2016-005046	date:	2016-10-04T00:00:00
db:	CNNVD	id:	CNNVD-201609-500	date:	2016-09-22T00:00:00
db:	NVD	id:	CVE-2016-8279	date:	2016-09-26T14:59:09.680