var-201704-0497
Vulnerability from variot
The TrustZone driver in Huawei P9 phones with software Versions earlier than EVA-AL10C00B352 and P9 Lite with software VNS-L21C185B130 and earlier versions and P8 Lite with software ALE-L02C636B150 and earlier versions has an input validation vulnerability, which allows attackers to cause the system to restart. Huawei P9, P9Lite, and P8Lite are Huawei smartphones. A denial of service vulnerability exists in some of Huawei's mobile phone TrustZone drivers. An attacker could convince a user to install a malicious application, and the application exploited the vulnerability to pass specific parameters to the TrustZone driver, causing the system to reboot. Multiple Huawei Products are prone to the following multiple security vulnerabilities. 1. A denial-of-service vulnerability. 2. A privilege escalation vulnerability. 3. A security bypass vulnerability. Attackers can exploit these issues to perform certain unauthorized actions or gain elevated privileges. Failed exploit attempts will likely cause denial-of-service conditions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201704-0497",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "p9",
"scope": "eq",
"trust": 1.6,
"vendor": "huawei",
"version": null
},
{
"model": "p9 lite",
"scope": "lte",
"trust": 1.0,
"vendor": "huawei",
"version": "vns-l21c185b130"
},
{
"model": "p8 lite",
"scope": "lte",
"trust": 1.0,
"vendor": "huawei",
"version": "ale-l02c636b150"
},
{
"model": "p8 lite",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "p9 lite",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "p9",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "p9 \u003ceva-al10c00b352",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "p9 lite \u003cvns-l21c185b130",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "p8 lite \u003cale-l02c636b150",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "p9 lite",
"scope": "eq",
"trust": 0.6,
"vendor": "huawei",
"version": "vns-l21c185b130"
},
{
"model": "p8 lite",
"scope": "eq",
"trust": 0.6,
"vendor": "huawei",
"version": "ale-l02c636b150"
},
{
"model": "p9 lite vns-l21c185b130",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "p9",
"scope": "eq",
"trust": 0.3,
"vendor": "huawei",
"version": "0"
},
{
"model": "p8 lite ale-l02c636b150",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "p9 lite vns-l21c185b150",
"scope": "ne",
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "p9 eva-al00c00b352",
"scope": "ne",
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "p8 lite ale-l02c636b170",
"scope": "ne",
"trust": 0.3,
"vendor": "huawei",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-11631"
},
{
"db": "BID",
"id": "94509"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008236"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-653"
},
{
"db": "NVD",
"id": "CVE-2016-8762"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:huawei:p8_lite_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:huawei:p9_lite_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:huawei:p9_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008236"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Nick Stephens.",
"sources": [
{
"db": "BID",
"id": "94509"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-653"
}
],
"trust": 0.9
},
"cve": "CVE-2016-8762",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 1.9,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.4,
"id": "CVE-2016-8762",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 1.9,
"vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 5.6,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CNVD-2016-11631",
"impactScore": 7.8,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 1.9,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.4,
"id": "VHN-97582",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:L/AC:M/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.3,
"id": "CVE-2016-8762",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-8762",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2016-8762",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2016-11631",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201611-653",
"trust": 0.6,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-97582",
"trust": 0.1,
"value": "LOW"
},
{
"author": "VULMON",
"id": "CVE-2016-8762",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-11631"
},
{
"db": "VULHUB",
"id": "VHN-97582"
},
{
"db": "VULMON",
"id": "CVE-2016-8762"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008236"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-653"
},
{
"db": "NVD",
"id": "CVE-2016-8762"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The TrustZone driver in Huawei P9 phones with software Versions earlier than EVA-AL10C00B352 and P9 Lite with software VNS-L21C185B130 and earlier versions and P8 Lite with software ALE-L02C636B150 and earlier versions has an input validation vulnerability, which allows attackers to cause the system to restart. Huawei P9, P9Lite, and P8Lite are Huawei smartphones. A denial of service vulnerability exists in some of Huawei\u0027s mobile phone TrustZone drivers. An attacker could convince a user to install a malicious application, and the application exploited the vulnerability to pass specific parameters to the TrustZone driver, causing the system to reboot. Multiple Huawei Products are prone to the following multiple security vulnerabilities. \n1. A denial-of-service vulnerability. \n2. A privilege escalation vulnerability. \n3. A security bypass vulnerability. \nAttackers can exploit these issues to perform certain unauthorized actions or gain elevated privileges. Failed exploit attempts will likely cause denial-of-service conditions",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-8762"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008236"
},
{
"db": "CNVD",
"id": "CNVD-2016-11631"
},
{
"db": "BID",
"id": "94509"
},
{
"db": "VULHUB",
"id": "VHN-97582"
},
{
"db": "VULMON",
"id": "CVE-2016-8762"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-8762",
"trust": 3.5
},
{
"db": "BID",
"id": "94509",
"trust": 2.7
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008236",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201611-653",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2016-11631",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-97582",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2016-8762",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-11631"
},
{
"db": "VULHUB",
"id": "VHN-97582"
},
{
"db": "VULMON",
"id": "CVE-2016-8762"
},
{
"db": "BID",
"id": "94509"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008236"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-653"
},
{
"db": "NVD",
"id": "CVE-2016-8762"
}
]
},
"id": "VAR-201704-0497",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-11631"
},
{
"db": "VULHUB",
"id": "VHN-97582"
}
],
"trust": 1.2841406
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-11631"
}
]
},
"last_update_date": "2024-11-23T21:41:29.446000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "huawei-sa-20161123-01-smartphone",
"trust": 0.8,
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161123-01-smartphone-en"
},
{
"title": "Huawei\u0027s mobile phone TrustZone driver has a patch for denial of service vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/84468"
},
{
"title": "Multiple Huawei Repair measures for device security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65928"
},
{
"title": "boomerang",
"trust": 0.1,
"url": "https://github.com/ucsb-seclab/boomerang "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/23hour/boomerang_qemu "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-11631"
},
{
"db": "VULMON",
"id": "CVE-2016-8762"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008236"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-653"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-97582"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008236"
},
{
"db": "NVD",
"id": "CVE-2016-8762"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "http://www.securityfocus.com/bid/94509"
},
{
"trust": 1.8,
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161123-01-smartphone-en"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8762"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-8762"
},
{
"trust": 0.6,
"url": "http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20161123-01-smartphone-cn"
},
{
"trust": 0.3,
"url": "http://www.huawei.com/en/"
},
{
"trust": 0.3,
"url": "http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20161123-01-smartphone-en"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/ucsb-seclab/boomerang"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-11631"
},
{
"db": "VULHUB",
"id": "VHN-97582"
},
{
"db": "VULMON",
"id": "CVE-2016-8762"
},
{
"db": "BID",
"id": "94509"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008236"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-653"
},
{
"db": "NVD",
"id": "CVE-2016-8762"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2016-11631"
},
{
"db": "VULHUB",
"id": "VHN-97582"
},
{
"db": "VULMON",
"id": "CVE-2016-8762"
},
{
"db": "BID",
"id": "94509"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008236"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-653"
},
{
"db": "NVD",
"id": "CVE-2016-8762"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-11-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-11631"
},
{
"date": "2017-04-02T00:00:00",
"db": "VULHUB",
"id": "VHN-97582"
},
{
"date": "2017-04-02T00:00:00",
"db": "VULMON",
"id": "CVE-2016-8762"
},
{
"date": "2016-11-24T00:00:00",
"db": "BID",
"id": "94509"
},
{
"date": "2017-05-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008236"
},
{
"date": "2016-11-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201611-653"
},
{
"date": "2017-04-02T20:59:01.267000",
"db": "NVD",
"id": "CVE-2016-8762"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-11-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-11631"
},
{
"date": "2017-04-07T00:00:00",
"db": "VULHUB",
"id": "VHN-97582"
},
{
"date": "2017-04-07T00:00:00",
"db": "VULMON",
"id": "CVE-2016-8762"
},
{
"date": "2016-12-20T01:02:00",
"db": "BID",
"id": "94509"
},
{
"date": "2017-05-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008236"
},
{
"date": "2016-12-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201611-653"
},
{
"date": "2024-11-21T03:00:00.833000",
"db": "NVD",
"id": "CVE-2016-8762"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "94509"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-653"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Huawei Smartphone software TrustZone Driver input validation vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008236"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201611-653"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.