Sign-up

ID

VAR-201704-0503


CVE

CVE-2016-8774


TITLE

plural Huawei Smartphone software HIFI In the driver root Privileged vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2016-008267

DESCRIPTION

The HIFI driver in Huawei Mate 8 phones with software versions before NXT-AL10C00B386, versions before NXT-CL00C92B386, versions before NXT-DL00C17B386, versions before NXT-TL00C01B386; Mate S phones with software Versions before CRR-CL00C92B368, Versions before CRR-CL20C92B368, Versions before CRR-TL00C01B368, Versions before CRR-UL00C00B368, Versions before CRR-UL20C00B368; P8 phones with software Versions before GRA-TL00C01B366, Versions before GRA-CL00C92B366, Versions before GRA-CL10C92B366, Versions before GRA-UL00C00B366, Versions before GRA-UL10C00B366; and P9 phones with software Versions before EVA-AL10C00B190, Versions before EVA-DL10C00B190, Versions before EVA-TL10C00B190, Versions before EVA-CL10C00B190 allows attackers to get root privilege or crash the system or execute arbitrary code, related to a buffer overflow. plural Huawei Smartphone software HIFI The driver has a deficiency in processing related to buffer overflow. root There are vulnerabilities that can be used to gain privileges, crash the system, or execute arbitrary code.By the attacker, root It may be possible to gain privileges, crash the system, or execute arbitrary code. HuaweiMate8, MateS, P8, and P9 are Huawei smartphones. Because some HIFI drivers of Huawei mobile phones lack parameter checking, the attacker uses the vulnerability to construct specific parameters to the HIFI driver after obtaining root privileges, resulting in system restart or arbitrary code execution. Multiple Huawei Products are prone to a local buffer-overflow vulnerability because they fail to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer. Failed exploit attempts will likely result in denial-of-service conditions. The Huawei Mate 8 and others are smartphones from the Chinese company Huawei

Trust: 2.52

sources: NVD: CVE-2016-8774 // JVNDB: JVNDB-2016-008267 // CNVD: CNVD-2016-11667 // BID: 94503 // VULHUB: VHN-97594

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2016-11667

AFFECTED PRODUCTS

vendor:huaweimodel:mate sscope:eqversion: -

Trust: 1.6

vendor:huaweimodel:mate 8scope:eqversion: -

Trust: 1.6

vendor:huaweimodel:p9scope:eqversion: -

Trust: 1.6

vendor:huaweimodel:p8scope:eqversion: -

Trust: 1.6

vendor:huaweimodel:mate 8scope: - version: -

Trust: 0.8

vendor:huaweimodel:mate sscope: - version: -

Trust: 0.8

vendor:huaweimodel:p8scope: - version: -

Trust: 0.8

vendor:huaweimodel:p9scope: - version: -

Trust: 0.8

vendor:huaweimodel:mate <nxt-cl00c92b386scope:eqversion:8

Trust: 0.6

vendor:huaweimodel:mate <nxt-dl00c17b386scope:eqversion:8

Trust: 0.6

vendor:huaweimodel:mate <nxt-tl00c01b386scope:eqversion:8

Trust: 0.6

vendor:huaweimodel:mate <nxt-al10c00b386scope:eqversion:8

Trust: 0.6

vendor:huaweimodel:mate s <crr-cl00c92b368scope: - version: -

Trust: 0.6

vendor:huaweimodel:mate s <crr-cl20c92b368scope: - version: -

Trust: 0.6

vendor:huaweimodel:mate s <crr-tl00c01b368scope: - version: -

Trust: 0.6

vendor:huaweimodel:mate s <crr-ul00c00b368scope: - version: -

Trust: 0.6

vendor:huaweimodel:mate s <crr-ul20c00b368scope: - version: -

Trust: 0.6

vendor:huaweimodel:p8 <gra-tl00c01b366scope: - version: -

Trust: 0.6

vendor:huaweimodel:p8 <gra-ul00c00b366scope: - version: -

Trust: 0.6

vendor:huaweimodel:p8 <gra-ul10c00b366scope: - version: -

Trust: 0.6

vendor:huaweimodel:p8 <gra-cl00c92b366scope: - version: -

Trust: 0.6

vendor:huaweimodel:p8 <gra-cl10c92b366scope: - version: -

Trust: 0.6

vendor:huaweimodel:p9 <eva-al10c00b190scope: - version: -

Trust: 0.6

vendor:huaweimodel:p9 <eva-dl10c00b190scope: - version: -

Trust: 0.6

vendor:huaweimodel:p9 <eva-tl10c00b190scope: - version: -

Trust: 0.6

vendor:huaweimodel:p9 <eva-cl10c00b190scope: - version: -

Trust: 0.6

vendor:huaweimodel:p9scope:eqversion:0

Trust: 0.3

vendor:huaweimodel:p8scope:eqversion:0

Trust: 0.3

vendor:huaweimodel:matesscope:eqversion:0

Trust: 0.3

vendor:huaweimodel:matescope:eqversion:80

Trust: 0.3

vendor:huaweimodel:p9 eva-tl10c00b190scope:neversion: -

Trust: 0.3

vendor:huaweimodel:p9 eva-dl10c00b190scope:neversion: -

Trust: 0.3

vendor:huaweimodel:p9 eva-cl10c00b190scope:neversion: -

Trust: 0.3

vendor:huaweimodel:p9 eva-al10c00b190scope:neversion: -

Trust: 0.3

vendor:huaweimodel:p8 gra-ul10c00b366scope:neversion: -

Trust: 0.3

vendor:huaweimodel:p8 gra-ul00c00b366scope:neversion: -

Trust: 0.3

vendor:huaweimodel:p8 gra-tl00c01b366scope:neversion: -

Trust: 0.3

vendor:huaweimodel:p8 gra-cl10c92b366scope:neversion: -

Trust: 0.3

vendor:huaweimodel:p8 gra-cl00c92b366scope:neversion: -

Trust: 0.3

vendor:huaweimodel:mates crr-ul20c00b368scope:neversion: -

Trust: 0.3

vendor:huaweimodel:mates crr-ul00c00b368scope:neversion: -

Trust: 0.3

vendor:huaweimodel:mates crr-tl00c01b368scope:neversion: -

Trust: 0.3

vendor:huaweimodel:mates crr-cl20c92b368scope:neversion: -

Trust: 0.3

vendor:huaweimodel:mates crr-cl00c92b368scope:neversion: -

Trust: 0.3

vendor:huaweimodel:mate nxt-tl00c01b386scope:neversion:8

Trust: 0.3

vendor:huaweimodel:mate nxt-dl00c17b386scope:neversion:8

Trust: 0.3

vendor:huaweimodel:mate nxt-cl00c92b386scope:neversion:8

Trust: 0.3

vendor:huaweimodel:mate nxt-al10c00b386scope:neversion:8

Trust: 0.3

sources: CNVD: CNVD-2016-11667 // BID: 94503 // JVNDB: JVNDB-2016-008267 // CNNVD: CNNVD-201611-660 // NVD: CVE-2016-8774

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-8774
value: MEDIUM

Trust: 1.0

NVD: CVE-2016-8774
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2016-11667
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201611-660
value: HIGH

Trust: 0.6

VULHUB: VHN-97594
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2016-8774
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2016-11667
severity: MEDIUM
baseScore: 6.5
vectorString: AV:L/AC:L/AU:M/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: MULTIPLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 2.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-97594
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-8774
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2016-11667 // VULHUB: VHN-97594 // JVNDB: JVNDB-2016-008267 // CNNVD: CNNVD-201611-660 // NVD: CVE-2016-8774

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-97594 // JVNDB: JVNDB-2016-008267 // NVD: CVE-2016-8774

THREAT TYPE

local

Trust: 0.9

sources: BID: 94503 // CNNVD: CNNVD-201611-660

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201611-660

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-008267

PATCH
title:huawei-sa-20161123-02-smartphoneurl:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161123-02-smartphone-en
Trust: 0.8
title:Patches for buffer overflow vulnerabilities in various Huawei HIFI driversurl:https://www.cnvd.org.cn/patchInfo/show/84451
Trust: 0.6
title:Multiple Huawei Product Buffer Overflow Vulnerability Fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65934
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2016-11667 // 
            
            
            
            JVNDB: JVNDB-2016-008267 // 
            
            
            
            CNNVD: CNNVD-201611-660

EXTERNAL IDS
db:NVDid:CVE-2016-8774
Trust: 3.4
db:BIDid:94503
Trust: 2.6
db:JVNDBid:JVNDB-2016-008267
Trust: 0.8
db:CNVDid:CNVD-2016-11667
Trust: 0.6
db:CNNVDid:CNNVD-201611-660
Trust: 0.6
db:VULHUBid:VHN-97594
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2016-11667 // 
            
            
            
            VULHUB: VHN-97594 // 
            
            
            
            BID: 94503 // 
            
            
            
            JVNDB: JVNDB-2016-008267 // 
            
            
            
            CNNVD: CNNVD-201611-660 // 
            
            
            
            NVD: CVE-2016-8774

REFERENCES
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161123-02-smartphone-en
Trust: 2.0
url:http://www.securityfocus.com/bid/94503
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8774
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2016-8774
Trust: 0.8
url:http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20161123-02-smartphone-cn
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2016-11667 // 
            
            
            
            VULHUB: VHN-97594 // 
            
            
            
            BID: 94503 // 
            
            
            
            JVNDB: JVNDB-2016-008267 // 
            
            
            
            CNNVD: CNNVD-201611-660 // 
            
            
            
            NVD: CVE-2016-8774

CREDITS
Zhao Jianqiang from Lab 0x031E of Qihoo 360 Technology Co. Ltd.
Trust: 0.9
sources:
            
            
            BID: 94503 // 
            
            
            
            CNNVD: CNNVD-201611-660

SOURCES
db:CNVDid:CNVD-2016-11667
db:VULHUBid:VHN-97594
db:BIDid:94503
db:JVNDBid:JVNDB-2016-008267
db:CNNVDid:CNNVD-201611-660
db:NVDid:CVE-2016-8774

LAST UPDATE DATE
2024-11-23T22:49:07.127000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2016-11667date:2016-11-30T00:00:00
db:VULHUBid:VHN-97594date:2017-04-11T00:00:00
db:BIDid:94503date:2016-12-20T01:02:00
db:JVNDBid:JVNDB-2016-008267date:2017-05-09T00:00:00
db:CNNVDid:CNNVD-201611-660date:2016-12-02T00:00:00
db:NVDid:CVE-2016-8774date:2024-11-21T03:00:02.807

SOURCES RELEASE DATE
db:CNVDid:CNVD-2016-11667date:2016-11-30T00:00:00
db:VULHUBid:VHN-97594date:2017-04-02T00:00:00
db:BIDid:94503date:2016-11-24T00:00:00
db:JVNDBid:JVNDB-2016-008267date:2017-05-09T00:00:00
db:CNNVDid:CNNVD-201611-660date:2016-11-24T00:00:00
db:NVDid:CVE-2016-8774date:2017-04-02T20:59:01.453