Sign-up

ID

VAR-201704-0495


CVE

CVE-2016-8760


TITLE

plural Huawei Buffer error vulnerability in touchscreen driver of smartphone software

Trust: 0.8

sources: JVNDB: JVNDB-2016-008234

DESCRIPTION

Touchscreen driver in Huawei P9 phones with software versions before EVA-AL10C00B192 and Huawei Honor 6 phones with software versions before H60-L02_6.10.1 has a heap overflow vulnerability, which allows attackers to crash the system or escalate user privilege. Huawei P9 , P9 Plus ,and Honor 6 A buffer error vulnerability exists in the touch screen driver of the smartphone software.Information is acquired, information is falsified, and denial of service (DoS) An attack could be made. HuaweiSmartPhones is a smart phone from China Huawei. A number of Huawei smartphone drivers have a heap buffer overflow vulnerability that can be exploited by an attacker to execute arbitrary code on an affected device. Multiple Huawei Smart Phones drivers are prone to stack-based buffer overflow and heap-based buffer overflow vulnerabilities. Failed exploit attempts will result in denial-of-service conditions. Huawei P9 versions prior to EVA-AL10C00B192 are vulnerable. Honor 6 versions prior to H60-L02_6.10.1 are vulnerable. Huawei Smart Phones P9 is a smartphone from the Chinese company Huawei. Tothscreen is one of the touch screen drivers. Attackers can exploit this vulnerability to crash the system or elevate privileges by enticing users to install malicious applications and sending specific parameters to the touthscreen driver

Trust: 2.52

sources: NVD: CVE-2016-8760 // JVNDB: JVNDB-2016-008234 // CNVD: CNVD-2016-09938 // BID: 93530 // VULHUB: VHN-97580

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2016-09938

AFFECTED PRODUCTS

vendor:huaweimodel:p9 plusscope:eqversion: -

Trust: 1.6

vendor:huaweimodel:p9scope:eqversion: -

Trust: 1.6

vendor:huaweimodel:honor 6scope:eqversion: -

Trust: 1.6

vendor:huaweimodel:honor 6scope: - version: -

Trust: 0.8

vendor:huaweimodel:p9 plusscope: - version: -

Trust: 0.8

vendor:huaweimodel:p9scope: - version: -

Trust: 0.8

vendor:huaweimodel:p9 <eva-al10c00b192scope: - version: -

Trust: 0.6

vendor:huaweimodel:p9 eva-al10c00b190scope: - version: -

Trust: 0.3

vendor:huaweimodel:honorscope:eqversion:66.9.16

Trust: 0.3

vendor:huaweimodel:honorscope:eqversion:66.9

Trust: 0.3

vendor:huaweimodel:p9 eva-al10c00b192scope:neversion: -

Trust: 0.3

vendor:huaweimodel:honor h60-l02 6.10.1scope:neversion:6

Trust: 0.3

sources: CNVD: CNVD-2016-09938 // BID: 93530 // JVNDB: JVNDB-2016-008234 // CNNVD: CNNVD-201610-664 // NVD: CVE-2016-8760

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-8760
value: HIGH

Trust: 1.0

NVD: CVE-2016-8760
value: HIGH

Trust: 0.8

CNVD: CNVD-2016-09938
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201610-664
value: CRITICAL

Trust: 0.6

VULHUB: VHN-97580
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2016-8760
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2016-09938
severity: MEDIUM
baseScore: 6.2
vectorString: AV:L/AC:H/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 1.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-97580
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-8760
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2016-09938 // VULHUB: VHN-97580 // JVNDB: JVNDB-2016-008234 // CNNVD: CNNVD-201610-664 // NVD: CVE-2016-8760

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-97580 // JVNDB: JVNDB-2016-008234 // NVD: CVE-2016-8760

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201610-664

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201610-664

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-008234

PATCH
title:huawei-sa-20161012-01-smartphoneurl:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161012-01-smartphone-en
Trust: 0.8
title:Patch for multiple Huawei smartphone driver heap buffer overflow vulnerabilities (CNVD-2016-09938)url:https://www.cnvd.org.cn/patchInfo/show/82929
Trust: 0.6
title:Huawei Smart Phones P9 touthscreen Driver fix for heap-based buffer overflow vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65045
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2016-09938 // 
            
            
            
            JVNDB: JVNDB-2016-008234 // 
            
            
            
            CNNVD: CNNVD-201610-664

EXTERNAL IDS
db:NVDid:CVE-2016-8760
Trust: 3.4
db:BIDid:93530
Trust: 2.6
db:JVNDBid:JVNDB-2016-008234
Trust: 0.8
db:CNNVDid:CNNVD-201610-664
Trust: 0.7
db:CNVDid:CNVD-2016-09938
Trust: 0.6
db:VULHUBid:VHN-97580
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2016-09938 // 
            
            
            
            VULHUB: VHN-97580 // 
            
            
            
            BID: 93530 // 
            
            
            
            JVNDB: JVNDB-2016-008234 // 
            
            
            
            CNNVD: CNNVD-201610-664 // 
            
            
            
            NVD: CVE-2016-8760

REFERENCES
url:http://www.securityfocus.com/bid/93530
Trust: 2.3
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161012-01-smartphone-en
Trust: 2.0
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8760
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2016-8760
Trust: 0.8
url:http://www.huawei.com
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2016-09938 // 
            
            
            
            VULHUB: VHN-97580 // 
            
            
            
            BID: 93530 // 
            
            
            
            JVNDB: JVNDB-2016-008234 // 
            
            
            
            CNNVD: CNNVD-201610-664 // 
            
            
            
            NVD: CVE-2016-8760

CREDITS
Zhao Jianqiang from Lab 0x031E of Qihoo 360 Technology Co. Ltd.
Trust: 0.9
sources:
            
            
            BID: 93530 // 
            
            
            
            CNNVD: CNNVD-201610-664

SOURCES
db:CNVDid:CNVD-2016-09938
db:VULHUBid:VHN-97580
db:BIDid:93530
db:JVNDBid:JVNDB-2016-008234
db:CNNVDid:CNNVD-201610-664
db:NVDid:CVE-2016-8760

LAST UPDATE DATE
2024-11-23T21:54:08.942000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2016-09938date:2016-10-25T00:00:00
db:VULHUBid:VHN-97580date:2017-04-07T00:00:00
db:BIDid:93530date:2016-12-20T01:09:00
db:JVNDBid:JVNDB-2016-008234date:2017-05-08T00:00:00
db:CNNVDid:CNNVD-201610-664date:2016-10-24T00:00:00
db:NVDid:CVE-2016-8760date:2024-11-21T03:00:00.590

SOURCES RELEASE DATE
db:CNVDid:CNVD-2016-09938date:2016-10-25T00:00:00
db:VULHUBid:VHN-97580date:2017-04-02T00:00:00
db:BIDid:93530date:2016-10-12T00:00:00
db:JVNDBid:JVNDB-2016-008234date:2017-05-08T00:00:00
db:CNNVDid:CNNVD-201610-664date:2016-10-24T00:00:00
db:NVDid:CVE-2016-8760date:2017-04-02T20:59:01.220