ID

VAR-201704-0496


CVE

CVE-2016-8761


TITLE

plural Huawei Buffer error vulnerability in video driver for smartphone software

Trust: 0.8

sources: JVNDB: JVNDB-2016-008235

DESCRIPTION

Video driver in Huawei P9 phones with software versions before EVA-AL10C00B192 and Huawei Honor 6 phones with software versions before H60-L02_6.10.1 has a stack overflow vulnerability, which allows attackers to crash the system or escalate user privilege. Huawei P9 , P9 Plus ,and Honor 6 The video driver for smartphone software contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out. HuaweiSmartPhones is a smart phone from China Huawei. A number of Huawei smartphone drivers have a heap buffer overflow vulnerability that can be exploited by an attacker to execute arbitrary code on an affected device. Multiple Huawei Smart Phones drivers are prone to stack-based buffer overflow and heap-based buffer overflow vulnerabilities. Failed exploit attempts will result in denial-of-service conditions. Huawei P9 versions prior to EVA-AL10C00B192 are vulnerable. Honor 6 versions prior to H60-L02_6.10.1 are vulnerable. Huawei Smart Phones P9 is a smartphone from the Chinese company Huawei. video driver is one of the video drivers. Attackers can exploit this vulnerability to crash the system or elevate privileges by enticing users to install malicious applications and send specific parameters to the video driver

Trust: 2.52

sources: NVD: CVE-2016-8761 // JVNDB: JVNDB-2016-008235 // CNVD: CNVD-2016-09937 // BID: 93530 // VULHUB: VHN-97581

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2016-09937

AFFECTED PRODUCTS

vendor:huaweimodel:p9 plusscope:eqversion: -

Trust: 1.6

vendor:huaweimodel:p9scope:eqversion: -

Trust: 1.6

vendor:huaweimodel:honor 6scope:eqversion: -

Trust: 1.6

vendor:huaweimodel:honor 6scope: - version: -

Trust: 0.8

vendor:huaweimodel:p9 plusscope: - version: -

Trust: 0.8

vendor:huaweimodel:p9scope: - version: -

Trust: 0.8

vendor:huaweimodel:p9 <eva-al10c00b192scope: - version: -

Trust: 0.6

vendor:huaweimodel:p9 eva-al10c00b190scope: - version: -

Trust: 0.3

vendor:huaweimodel:honorscope:eqversion:66.9.16

Trust: 0.3

vendor:huaweimodel:honorscope:eqversion:66.9

Trust: 0.3

vendor:huaweimodel:p9 eva-al10c00b192scope:neversion: -

Trust: 0.3

vendor:huaweimodel:honor h60-l02 6.10.1scope:neversion:6

Trust: 0.3

sources: CNVD: CNVD-2016-09937 // BID: 93530 // JVNDB: JVNDB-2016-008235 // CNNVD: CNNVD-201610-663 // NVD: CVE-2016-8761

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-8761
value: HIGH

Trust: 1.0

NVD: CVE-2016-8761
value: HIGH

Trust: 0.8

CNVD: CNVD-2016-09937
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201610-663
value: CRITICAL

Trust: 0.6

VULHUB: VHN-97581
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2016-8761
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2016-09937
severity: MEDIUM
baseScore: 6.2
vectorString: AV:L/AC:H/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 1.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-97581
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-8761
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2016-09937 // VULHUB: VHN-97581 // JVNDB: JVNDB-2016-008235 // CNNVD: CNNVD-201610-663 // NVD: CVE-2016-8761

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-97581 // JVNDB: JVNDB-2016-008235 // NVD: CVE-2016-8761

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201610-663

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201610-663

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-008235

PATCH

title:huawei-sa-20161012-01-smartphoneurl:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161012-01-smartphone-en

Trust: 0.8

title:Patch for multiple Huawei smartphone driver heap buffer overflow vulnerabilities (CNVD-2016-09937)url:https://www.cnvd.org.cn/patchInfo/show/82928

Trust: 0.6

title:Huawei Smart Phones P9 video Driver fix for stack-based buffer overflow vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65044

Trust: 0.6

sources: CNVD: CNVD-2016-09937 // JVNDB: JVNDB-2016-008235 // CNNVD: CNNVD-201610-663

EXTERNAL IDS

db:NVDid:CVE-2016-8761

Trust: 3.4

db:BIDid:93530

Trust: 2.6

db:JVNDBid:JVNDB-2016-008235

Trust: 0.8

db:CNNVDid:CNNVD-201610-663

Trust: 0.7

db:CNVDid:CNVD-2016-09937

Trust: 0.6

db:VULHUBid:VHN-97581

Trust: 0.1

sources: CNVD: CNVD-2016-09937 // VULHUB: VHN-97581 // BID: 93530 // JVNDB: JVNDB-2016-008235 // CNNVD: CNNVD-201610-663 // NVD: CVE-2016-8761

REFERENCES

url:http://www.securityfocus.com/bid/93530

Trust: 2.3

url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161012-01-smartphone-en

Trust: 2.0

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8761

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2016-8761

Trust: 0.8

url:http://www.huawei.com

Trust: 0.3

sources: CNVD: CNVD-2016-09937 // VULHUB: VHN-97581 // BID: 93530 // JVNDB: JVNDB-2016-008235 // CNNVD: CNNVD-201610-663 // NVD: CVE-2016-8761

CREDITS

Zhao Jianqiang from Lab 0x031E of Qihoo 360 Technology Co. Ltd.

Trust: 0.9

sources: BID: 93530 // CNNVD: CNNVD-201610-663

SOURCES

db:CNVDid:CNVD-2016-09937
db:VULHUBid:VHN-97581
db:BIDid:93530
db:JVNDBid:JVNDB-2016-008235
db:CNNVDid:CNNVD-201610-663
db:NVDid:CVE-2016-8761

LAST UPDATE DATE

2024-11-23T21:54:08.977000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2016-09937date:2016-10-25T00:00:00
db:VULHUBid:VHN-97581date:2017-04-07T00:00:00
db:BIDid:93530date:2016-12-20T01:09:00
db:JVNDBid:JVNDB-2016-008235date:2017-05-08T00:00:00
db:CNNVDid:CNNVD-201610-663date:2016-11-15T00:00:00
db:NVDid:CVE-2016-8761date:2024-11-21T03:00:00.713

SOURCES RELEASE DATE

db:CNVDid:CNVD-2016-09937date:2016-10-25T00:00:00
db:VULHUBid:VHN-97581date:2017-04-02T00:00:00
db:BIDid:93530date:2016-10-12T00:00:00
db:JVNDBid:JVNDB-2016-008235date:2017-05-08T00:00:00
db:CNNVDid:CNNVD-201610-663date:2016-10-25T00:00:00
db:NVDid:CVE-2016-8761date:2017-04-02T20:59:01.250