Sign-up

ID

VAR-201704-0497


CVE

CVE-2016-8762


TITLE

plural Huawei Smartphone software TrustZone Driver input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2016-008236

DESCRIPTION

The TrustZone driver in Huawei P9 phones with software Versions earlier than EVA-AL10C00B352 and P9 Lite with software VNS-L21C185B130 and earlier versions and P8 Lite with software ALE-L02C636B150 and earlier versions has an input validation vulnerability, which allows attackers to cause the system to restart. Huawei P9, P9Lite, and P8Lite are Huawei smartphones. A denial of service vulnerability exists in some of Huawei's mobile phone TrustZone drivers. An attacker could convince a user to install a malicious application, and the application exploited the vulnerability to pass specific parameters to the TrustZone driver, causing the system to reboot. Multiple Huawei Products are prone to the following multiple security vulnerabilities. 1. A denial-of-service vulnerability. 2. A privilege escalation vulnerability. 3. A security bypass vulnerability. Attackers can exploit these issues to perform certain unauthorized actions or gain elevated privileges. Failed exploit attempts will likely cause denial-of-service conditions

Trust: 2.61

sources: NVD: CVE-2016-8762 // JVNDB: JVNDB-2016-008236 // CNVD: CNVD-2016-11631 // BID: 94509 // VULHUB: VHN-97582 // VULMON: CVE-2016-8762

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2016-11631

AFFECTED PRODUCTS

vendor:huaweimodel:p9scope:eqversion: -

Trust: 1.6

vendor:huaweimodel:p9 litescope:lteversion:vns-l21c185b130

Trust: 1.0

vendor:huaweimodel:p8 litescope:lteversion:ale-l02c636b150

Trust: 1.0

vendor:huaweimodel:p8 litescope: - version: -

Trust: 0.8

vendor:huaweimodel:p9 litescope: - version: -

Trust: 0.8

vendor:huaweimodel:p9scope: - version: -

Trust: 0.8

vendor:huaweimodel:p9 <eva-al10c00b352scope: - version: -

Trust: 0.6

vendor:huaweimodel:p9 lite <vns-l21c185b130scope: - version: -

Trust: 0.6

vendor:huaweimodel:p8 lite <ale-l02c636b150scope: - version: -

Trust: 0.6

vendor:huaweimodel:p9 litescope:eqversion:vns-l21c185b130

Trust: 0.6

vendor:huaweimodel:p8 litescope:eqversion:ale-l02c636b150

Trust: 0.6

vendor:huaweimodel:p9 lite vns-l21c185b130scope: - version: -

Trust: 0.3

vendor:huaweimodel:p9scope:eqversion:0

Trust: 0.3

vendor:huaweimodel:p8 lite ale-l02c636b150scope: - version: -

Trust: 0.3

vendor:huaweimodel:p9 lite vns-l21c185b150scope:neversion: -

Trust: 0.3

vendor:huaweimodel:p9 eva-al00c00b352scope:neversion: -

Trust: 0.3

vendor:huaweimodel:p8 lite ale-l02c636b170scope:neversion: -

Trust: 0.3

sources: CNVD: CNVD-2016-11631 // BID: 94509 // JVNDB: JVNDB-2016-008236 // CNNVD: CNNVD-201611-653 // NVD: CVE-2016-8762

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-8762
value: MEDIUM

Trust: 1.0

NVD: CVE-2016-8762
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2016-11631
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201611-653
value: LOW

Trust: 0.6

VULHUB: VHN-97582
value: LOW

Trust: 0.1

VULMON: CVE-2016-8762
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2016-8762
severity: LOW
baseScore: 1.9
vectorString: AV:L/AC:M/AU:N/C:N/I:N/A:P
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 3.4
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2016-11631
severity: MEDIUM
baseScore: 5.6
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 7.8
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-97582
severity: LOW
baseScore: 1.9
vectorString: AV:L/AC:M/AU:N/C:N/I:N/A:P
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 3.4
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-8762
baseSeverity: MEDIUM
baseScore: 5.0
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.3
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2016-11631 // VULHUB: VHN-97582 // VULMON: CVE-2016-8762 // JVNDB: JVNDB-2016-008236 // CNNVD: CNNVD-201611-653 // NVD: CVE-2016-8762

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-97582 // JVNDB: JVNDB-2016-008236 // NVD: CVE-2016-8762

THREAT TYPE

local

Trust: 0.9

sources: BID: 94509 // CNNVD: CNNVD-201611-653

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201611-653

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-008236

PATCH
title:huawei-sa-20161123-01-smartphoneurl:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161123-01-smartphone-en
Trust: 0.8
title:Huawei's mobile phone TrustZone driver has a patch for denial of service vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/84468
Trust: 0.6
title:Multiple Huawei Repair measures for device security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65928
Trust: 0.6
title:boomerangurl:https://github.com/ucsb-seclab/boomerang 
Trust: 0.1
title: - url:https://github.com/23hour/boomerang_qemu 
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2016-11631 // 
            
            
            
            VULMON: CVE-2016-8762 // 
            
            
            
            JVNDB: JVNDB-2016-008236 // 
            
            
            
            CNNVD: CNNVD-201611-653

EXTERNAL IDS
db:NVDid:CVE-2016-8762
Trust: 3.5
db:BIDid:94509
Trust: 2.7
db:JVNDBid:JVNDB-2016-008236
Trust: 0.8
db:CNNVDid:CNNVD-201611-653
Trust: 0.7
db:CNVDid:CNVD-2016-11631
Trust: 0.6
db:VULHUBid:VHN-97582
Trust: 0.1
db:VULMONid:CVE-2016-8762
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2016-11631 // 
            
            
            
            VULHUB: VHN-97582 // 
            
            
            
            VULMON: CVE-2016-8762 // 
            
            
            
            BID: 94509 // 
            
            
            
            JVNDB: JVNDB-2016-008236 // 
            
            
            
            CNNVD: CNNVD-201611-653 // 
            
            
            
            NVD: CVE-2016-8762

REFERENCES
url:http://www.securityfocus.com/bid/94509
Trust: 1.9
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161123-01-smartphone-en
Trust: 1.8
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8762
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2016-8762
Trust: 0.8
url:http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20161123-01-smartphone-cn
Trust: 0.6
url:http://www.huawei.com/en/
Trust: 0.3
url:http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20161123-01-smartphone-en
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/20.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://github.com/ucsb-seclab/boomerang
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2016-11631 // 
            
            
            
            VULHUB: VHN-97582 // 
            
            
            
            VULMON: CVE-2016-8762 // 
            
            
            
            BID: 94509 // 
            
            
            
            JVNDB: JVNDB-2016-008236 // 
            
            
            
            CNNVD: CNNVD-201611-653 // 
            
            
            
            NVD: CVE-2016-8762

CREDITS
Nick Stephens.
Trust: 0.9
sources:
            
            
            BID: 94509 // 
            
            
            
            CNNVD: CNNVD-201611-653

SOURCES
db:CNVDid:CNVD-2016-11631
db:VULHUBid:VHN-97582
db:VULMONid:CVE-2016-8762
db:BIDid:94509
db:JVNDBid:JVNDB-2016-008236
db:CNNVDid:CNNVD-201611-653
db:NVDid:CVE-2016-8762

LAST UPDATE DATE
2024-11-23T21:41:29.446000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2016-11631date:2016-11-29T00:00:00
db:VULHUBid:VHN-97582date:2017-04-07T00:00:00
db:VULMONid:CVE-2016-8762date:2017-04-07T00:00:00
db:BIDid:94509date:2016-12-20T01:02:00
db:JVNDBid:JVNDB-2016-008236date:2017-05-08T00:00:00
db:CNNVDid:CNNVD-201611-653date:2016-12-02T00:00:00
db:NVDid:CVE-2016-8762date:2024-11-21T03:00:00.833

SOURCES RELEASE DATE
db:CNVDid:CNVD-2016-11631date:2016-11-29T00:00:00
db:VULHUBid:VHN-97582date:2017-04-02T00:00:00
db:VULMONid:CVE-2016-8762date:2017-04-02T00:00:00
db:BIDid:94509date:2016-11-24T00:00:00
db:JVNDBid:JVNDB-2016-008236date:2017-05-08T00:00:00
db:CNNVDid:CNNVD-201611-653date:2016-11-24T00:00:00
db:NVDid:CVE-2016-8762date:2017-04-02T20:59:01.267