Details of VAR-201704-0494

ID

VAR-201704-0494

CVE

CVE-2016-8759

TITLE

plural Huawei Buffer error vulnerability in video driver for smartphone software

Trust: 0.8

sources: JVNDB: JVNDB-2016-008233

DESCRIPTION

Video driver in Huawei P9 phones with software versions before EVA-AL10C00B192 and Huawei Honor 6 phones with software versions before H60-L02_6.10.1 has a stack overflow vulnerability, which allows attackers to crash the system or escalate user privilege. Huawei P9 , P9 Plus ,and Honor 6 The video driver for smartphone software contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out. HuaweiSmartPhones is a smart phone from China Huawei. A number of Huawei smartphone drivers have a heap buffer overflow vulnerability that can be exploited by an attacker to execute arbitrary code on an affected device. Multiple Huawei Smart Phones drivers are prone to stack-based buffer overflow and heap-based buffer overflow vulnerabilities. Failed exploit attempts will result in denial-of-service conditions. Huawei P9 versions prior to EVA-AL10C00B192 are vulnerable. Honor 6 versions prior to H60-L02_6.10.1 are vulnerable. Huawei Smart Phones P9 is a smartphone from the Chinese company Huawei. video driver is one of the video drivers. Attackers can exploit this vulnerability to crash the system or elevate privileges by enticing users to install malicious applications and send specific parameters to the video driver

Trust: 2.52

sources: NVD: CVE-2016-8759 // JVNDB: JVNDB-2016-008233 // CNVD: CNVD-2016-09936 // BID: 93530 // VULHUB: VHN-97579

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2016-09936

AFFECTED PRODUCTS

vendor:	huawei	model:	p9 plus	scope:	eq	version:	-	Trust: 1.6
vendor:	huawei	model:	p9	scope:	eq	version:	-	Trust: 1.6
vendor:	huawei	model:	honor 6	scope:	eq	version:	-	Trust: 1.6
vendor:	huawei	model:	honor 6	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	p9 plus	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	p9	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	p9 <eva-al10c00b192	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	p9 eva-al10c00b190	scope:	-	version:	-	Trust: 0.3
vendor:	huawei	model:	honor	scope:	eq	version:	66.9.16	Trust: 0.3
vendor:	huawei	model:	honor	scope:	eq	version:	66.9	Trust: 0.3
vendor:	huawei	model:	p9 eva-al10c00b192	scope:	ne	version:	-	Trust: 0.3
vendor:	huawei	model:	honor h60-l02 6.10.1	scope:	ne	version:	6	Trust: 0.3

sources: CNVD: CNVD-2016-09936 // BID: 93530 // JVNDB: JVNDB-2016-008233 // CNNVD: CNNVD-201610-662 // NVD: CVE-2016-8759

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-8759
value:	HIGH
Trust: 1.0
NVD:	CVE-2016-8759
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2016-09936
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201610-662
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-97579
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2016-8759
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2016-09936
severity:	MEDIUM
baseScore:	6.2
vectorString:	AV:L/AC:H/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	1.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-97579
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-8759
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2016-09936 // VULHUB: VHN-97579 // JVNDB: JVNDB-2016-008233 // CNNVD: CNNVD-201610-662 // NVD: CVE-2016-8759

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-97579 // JVNDB: JVNDB-2016-008233 // NVD: CVE-2016-8759

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201610-662

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201610-662

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-008233

PATCH

title:	huawei-sa-20161012-01-smartphone	url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161012-01-smartphone-en	Trust: 0.8
title:	Patches for multiple Huawei smartphone driver heap buffer overflow vulnerabilities	url:	https://www.cnvd.org.cn/patchInfo/show/82926	Trust: 0.6
title:	Huawei Smart Phones P9 video Driver fix for stack-based buffer overflow vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65043	Trust: 0.6

sources: CNVD: CNVD-2016-09936 // JVNDB: JVNDB-2016-008233 // CNNVD: CNNVD-201610-662

EXTERNAL IDS

db:	NVD	id:	CVE-2016-8759	Trust: 3.4
db:	BID	id:	93530	Trust: 2.6
db:	JVNDB	id:	JVNDB-2016-008233	Trust: 0.8
db:	CNNVD	id:	CNNVD-201610-662	Trust: 0.7
db:	CNVD	id:	CNVD-2016-09936	Trust: 0.6
db:	VULHUB	id:	VHN-97579	Trust: 0.1

sources: CNVD: CNVD-2016-09936 // VULHUB: VHN-97579 // BID: 93530 // JVNDB: JVNDB-2016-008233 // CNNVD: CNNVD-201610-662 // NVD: CVE-2016-8759

REFERENCES

url:	http://www.securityfocus.com/bid/93530	Trust: 2.3
url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161012-01-smartphone-en	Trust: 2.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8759	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2016-8759	Trust: 0.8
url:	http://www.huawei.com	Trust: 0.3

sources: CNVD: CNVD-2016-09936 // VULHUB: VHN-97579 // BID: 93530 // JVNDB: JVNDB-2016-008233 // CNNVD: CNNVD-201610-662 // NVD: CVE-2016-8759

CREDITS

Zhao Jianqiang from Lab 0x031E of Qihoo 360 Technology Co. Ltd.

Trust: 0.9

sources: BID: 93530 // CNNVD: CNNVD-201610-662

SOURCES

db:	CNVD	id:	CNVD-2016-09936
db:	VULHUB	id:	VHN-97579
db:	BID	id:	93530
db:	JVNDB	id:	JVNDB-2016-008233
db:	CNNVD	id:	CNNVD-201610-662
db:	NVD	id:	CVE-2016-8759

LAST UPDATE DATE

2024-11-23T21:54:09.012000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2016-09936	date:	2016-10-25T00:00:00
db:	VULHUB	id:	VHN-97579	date:	2017-04-07T00:00:00
db:	BID	id:	93530	date:	2016-12-20T01:09:00
db:	JVNDB	id:	JVNDB-2016-008233	date:	2017-05-08T00:00:00
db:	CNNVD	id:	CNNVD-201610-662	date:	2016-10-25T00:00:00
db:	NVD	id:	CVE-2016-8759	date:	2024-11-21T03:00:00.440

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2016-09936	date:	2016-10-25T00:00:00
db:	VULHUB	id:	VHN-97579	date:	2017-04-02T00:00:00
db:	BID	id:	93530	date:	2016-10-12T00:00:00
db:	JVNDB	id:	JVNDB-2016-008233	date:	2017-05-08T00:00:00
db:	CNNVD	id:	CNNVD-201610-662	date:	2016-10-25T00:00:00
db:	NVD	id:	CVE-2016-8759	date:	2017-04-02T20:59:01.173