Sign-up

ID

VAR-201704-0498


CVE

CVE-2016-8763


TITLE

plural Huawei Smartphone software TrustZone Driver vulnerabilities related to resource control throughout the lifetime

Trust: 0.8

sources: JVNDB: JVNDB-2016-008237

DESCRIPTION

The TrustZone driver in Huawei P9 phones with software Versions earlier than EVA-AL10C00B352 and P9 Lite with software VNS-L21C185B130 and earlier versions and P8 Lite with software ALE-L02C636B150 and earlier versions has an improper resource release vulnerability, which allows attackers to cause a system restart or privilege elevation. Huawei P9, P9Lite, and P8Lite are Huawei smartphones. Some of Huawei's mobile phone TrustZone drivers have privilege escalation vulnerabilities. An attacker could convince a user to install a malicious application that could be exploited by an application to send specific parameters to the TrustZone driver, resulting in a system reboot or elevated user rights. Multiple Huawei Products are prone to the following multiple security vulnerabilities. 1. A denial-of-service vulnerability. 2. 3. A security bypass vulnerability. Attackers can exploit these issues to perform certain unauthorized actions or gain elevated privileges. Failed exploit attempts will likely cause denial-of-service conditions

Trust: 2.61

sources: NVD: CVE-2016-8763 // JVNDB: JVNDB-2016-008237 // CNVD: CNVD-2016-11633 // BID: 94509 // VULHUB: VHN-97583 // VULMON: CVE-2016-8763

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2016-11633

AFFECTED PRODUCTS

vendor:huaweimodel:p9scope:eqversion: -

Trust: 1.6

vendor:huaweimodel:p9 litescope:lteversion:vns-l21c185b130

Trust: 1.0

vendor:huaweimodel:p8 litescope:lteversion:ale-l02c636b150

Trust: 1.0

vendor:huaweimodel:p8 litescope: - version: -

Trust: 0.8

vendor:huaweimodel:p9 litescope: - version: -

Trust: 0.8

vendor:huaweimodel:p9scope: - version: -

Trust: 0.8

vendor:huaweimodel:p9 <eva-al10c00b352scope: - version: -

Trust: 0.6

vendor:huaweimodel:p9 lite <vns-l21c185b130scope: - version: -

Trust: 0.6

vendor:huaweimodel:p8 lite <ale-l02c636b150scope: - version: -

Trust: 0.6

vendor:huaweimodel:p9 litescope:eqversion:vns-l21c185b130

Trust: 0.6

vendor:huaweimodel:p8 litescope:eqversion:ale-l02c636b150

Trust: 0.6

vendor:huaweimodel:p9 lite vns-l21c185b130scope: - version: -

Trust: 0.3

vendor:huaweimodel:p9scope:eqversion:0

Trust: 0.3

vendor:huaweimodel:p8 lite ale-l02c636b150scope: - version: -

Trust: 0.3

vendor:huaweimodel:p9 lite vns-l21c185b150scope:neversion: -

Trust: 0.3

vendor:huaweimodel:p9 eva-al00c00b352scope:neversion: -

Trust: 0.3

vendor:huaweimodel:p8 lite ale-l02c636b170scope:neversion: -

Trust: 0.3

sources: CNVD: CNVD-2016-11633 // BID: 94509 // JVNDB: JVNDB-2016-008237 // CNNVD: CNNVD-201611-654 // NVD: CVE-2016-8763

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-8763
value: HIGH

Trust: 1.0

NVD: CVE-2016-8763
value: HIGH

Trust: 0.8

CNVD: CNVD-2016-11633
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201611-654
value: CRITICAL

Trust: 0.6

VULHUB: VHN-97583
value: HIGH

Trust: 0.1

VULMON: CVE-2016-8763
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2016-8763
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2016-11633
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-97583
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-8763
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2016-11633 // VULHUB: VHN-97583 // VULMON: CVE-2016-8763 // JVNDB: JVNDB-2016-008237 // CNNVD: CNNVD-201611-654 // NVD: CVE-2016-8763

PROBLEMTYPE DATA

problemtype:CWE-664

Trust: 1.9

sources: VULHUB: VHN-97583 // JVNDB: JVNDB-2016-008237 // NVD: CVE-2016-8763

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201611-654

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201611-654

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-008237

PATCH
title:huawei-sa-20161123-01-smartphoneurl:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161123-01-smartphone-en
Trust: 0.8
title:Huawei's mobile phone TrustZone driver has a patch for privilege escalation vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/84472
Trust: 0.6
title:Multiple Huawei Repair measures for device privilege vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65929
Trust: 0.6
title:boomerangurl:https://github.com/ucsb-seclab/boomerang 
Trust: 0.1
title: - url:https://github.com/23hour/boomerang_qemu 
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2016-11633 // 
            
            
            
            VULMON: CVE-2016-8763 // 
            
            
            
            JVNDB: JVNDB-2016-008237 // 
            
            
            
            CNNVD: CNNVD-201611-654

EXTERNAL IDS
db:NVDid:CVE-2016-8763
Trust: 3.5
db:BIDid:94509
Trust: 2.7
db:JVNDBid:JVNDB-2016-008237
Trust: 0.8
db:CNNVDid:CNNVD-201611-654
Trust: 0.7
db:CNVDid:CNVD-2016-11633
Trust: 0.6
db:VULHUBid:VHN-97583
Trust: 0.1
db:VULMONid:CVE-2016-8763
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2016-11633 // 
            
            
            
            VULHUB: VHN-97583 // 
            
            
            
            VULMON: CVE-2016-8763 // 
            
            
            
            BID: 94509 // 
            
            
            
            JVNDB: JVNDB-2016-008237 // 
            
            
            
            CNNVD: CNNVD-201611-654 // 
            
            
            
            NVD: CVE-2016-8763

REFERENCES
url:http://www.securityfocus.com/bid/94509
Trust: 1.9
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161123-01-smartphone-en
Trust: 1.8
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8763
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2016-8763
Trust: 0.8
url:http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20161123-01-smartphone-cn
Trust: 0.6
url:http://www.huawei.com/en/
Trust: 0.3
url:http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20161123-01-smartphone-en
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/664.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://github.com/ucsb-seclab/boomerang
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2016-11633 // 
            
            
            
            VULHUB: VHN-97583 // 
            
            
            
            VULMON: CVE-2016-8763 // 
            
            
            
            BID: 94509 // 
            
            
            
            JVNDB: JVNDB-2016-008237 // 
            
            
            
            CNNVD: CNNVD-201611-654 // 
            
            
            
            NVD: CVE-2016-8763

CREDITS
Nick Stephens.
Trust: 0.9
sources:
            
            
            BID: 94509 // 
            
            
            
            CNNVD: CNNVD-201611-654

SOURCES
db:CNVDid:CNVD-2016-11633
db:VULHUBid:VHN-97583
db:VULMONid:CVE-2016-8763
db:BIDid:94509
db:JVNDBid:JVNDB-2016-008237
db:CNNVDid:CNNVD-201611-654
db:NVDid:CVE-2016-8763

LAST UPDATE DATE
2024-11-23T21:41:29.526000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2016-11633date:2016-11-29T00:00:00
db:VULHUBid:VHN-97583date:2017-04-07T00:00:00
db:VULMONid:CVE-2016-8763date:2017-04-07T00:00:00
db:BIDid:94509date:2016-12-20T01:02:00
db:JVNDBid:JVNDB-2016-008237date:2017-05-08T00:00:00
db:CNNVDid:CNNVD-201611-654date:2016-12-02T00:00:00
db:NVDid:CVE-2016-8763date:2024-11-21T03:00:00.950

SOURCES RELEASE DATE
db:CNVDid:CNVD-2016-11633date:2016-11-29T00:00:00
db:VULHUBid:VHN-97583date:2017-04-02T00:00:00
db:VULMONid:CVE-2016-8763date:2017-04-02T00:00:00
db:BIDid:94509date:2016-11-24T00:00:00
db:JVNDBid:JVNDB-2016-008237date:2017-05-08T00:00:00
db:CNNVDid:CNNVD-201611-654date:2016-11-24T00:00:00
db:NVDid:CVE-2016-8763date:2017-04-02T20:59:01.297