CVE-2015-8679 - OpenCVE

The Maxim_smartpa_dev driver in Huawei P8 smartphones with software GRA-TL00 before GRA-TL00C01B230, GRA-CL00 before GRA-CL00C92B230, GRA-CL10 before GRA-CL10C92B230, GRA-UL00 before GRA-UL00C00B230, and GRA-UL10 before GRA-UL10C00B230 and Mate S smartphones with software CRR-TL00 before CRR-TL00C01B160SP01, CRR-UL00 before CRR-UL00C00B160, and CRR-CL00 before CRR-CL00C92B161 allow attackers to cause a denial of service (system crash) via a crafted application, which triggers an invalid memory access.

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

AV:N/AC:M/Au:N/C:N/I:N/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Huawei	P8 Firmware Mate S Firmware P8 Mate S

Configuration 1 [-]

AND

cpe:2.3:h:huawei:mate_s:-:*:*:*:*:*:*:*

OR	cpe:2.3:o:huawei:mate_s_firmware:crr-cl00:::::::*
	cpe:2.3:o:huawei:mate_s_firmware:crr-tl00:::::::*
	cpe:2.3:o:huawei:mate_s_firmware:crr-ul00:::::::*

Configuration 2 [-]

AND

cpe:2.3:h:huawei:p8:-:*:*:*:*:*:*:*

OR	cpe:2.3:o:huawei:p8_firmware:gra-cl00:::::::*
	cpe:2.3:o:huawei:p8_firmware:gra-cl10:::::::*
	cpe:2.3:o:huawei:p8_firmware:gra-tl00:::::::*
	cpe:2.3:o:huawei:p8_firmware:gra-ul00:::::::*
	cpe:2.3:o:huawei:p8_firmware:gra-ul10:::::::*

References

Link	Resource
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160105-01-smartphone-en	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2016-04-07T20:00:00

Updated: 2017-03-27T16:57:01

Reserved: 2015-12-25T00:00:00

Link: CVE-2015-8679

JSON object: View

NVD Information

Status : Modified

Published: 2016-04-07T20:59:02.787

Modified: 2017-03-28T01:59:00.303

Link: CVE-2015-8679

JSON object: View

Redhat Information

No data.

CWE

CWE-284

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-01-05T00:00:00", "descriptions": [{"lang": "en", "value": "The Maxim_smartpa_dev driver in Huawei P8 smartphones with software GRA-TL00 before GRA-TL00C01B230, GRA-CL00 before GRA-CL00C92B230, GRA-CL10 before GRA-CL10C92B230, GRA-UL00 before GRA-UL00C00B230, and GRA-UL10 before GRA-UL10C00B230 and Mate S smartphones with software CRR-TL00 before CRR-TL00C01B160SP01, CRR-UL00 before CRR-UL00C00B160, and CRR-CL00 before CRR-CL00C92B161 allow attackers to cause a denial of service (system crash) via a crafted application, which triggers an invalid memory access."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-03-27T16:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160105-01-smartphone-en"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-8679", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Maxim_smartpa_dev driver in Huawei P8 smartphones with software GRA-TL00 before GRA-TL00C01B230, GRA-CL00 before GRA-CL00C92B230, GRA-CL10 before GRA-CL10C92B230, GRA-UL00 before GRA-UL00C00B230, and GRA-UL10 before GRA-UL10C00B230 and Mate S smartphones with software CRR-TL00 before CRR-TL00C01B160SP01, CRR-UL00 before CRR-UL00C00B160, and CRR-CL00 before CRR-CL00C92B161 allow attackers to cause a denial of service (system crash) via a crafted application, which triggers an invalid memory access."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160105-01-smartphone-en", "refsource": "CONFIRM", "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160105-01-smartphone-en"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-8679", "datePublished": "2016-04-07T20:00:00", "dateReserved": "2015-12-25T00:00:00", "dateUpdated": "2017-03-27T16:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:mate_s:-:*:*:*:*:*:*:*", "matchCriteriaId": "B240A6C3-B8D7-4755-A74C-BE37FDE7CBF1", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:mate_s_firmware:crr-cl00:*:*:*:*:*:*:*", "matchCriteriaId": "3017EDB7-E50F-4663-9C9B-C0CF00A98354", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:mate_s_firmware:crr-tl00:*:*:*:*:*:*:*", "matchCriteriaId": "16EF3947-D9E7-4187-9B8B-A4C9F4A56E66", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:mate_s_firmware:crr-ul00:*:*:*:*:*:*:*", "matchCriteriaId": "0944C26D-11E5-4AD4-8182-8F23B0F8F580", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:p8:-:*:*:*:*:*:*:*", "matchCriteriaId": "F43A4D21-F16A-4277-A7AF-9ADBC3429F4C", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:p8_firmware:gra-cl00:*:*:*:*:*:*:*", "matchCriteriaId": "A775C9F6-D759-4022-A499-FDABD19A0B18", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:p8_firmware:gra-cl10:*:*:*:*:*:*:*", "matchCriteriaId": "95A2D1FD-3FCB-484B-A995-3FC0732ECFE6", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:p8_firmware:gra-tl00:*:*:*:*:*:*:*", "matchCriteriaId": "2019AC75-E9C6-4AD0-B95F-2C4D03CCBBEC", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:p8_firmware:gra-ul00:*:*:*:*:*:*:*", "matchCriteriaId": "8DE91607-4815-4460-8616-8C175981BC13", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:p8_firmware:gra-ul10:*:*:*:*:*:*:*", "matchCriteriaId": "4E8D0A98-4F0D-485F-97B9-252C3A198659", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "The Maxim_smartpa_dev driver in Huawei P8 smartphones with software GRA-TL00 before GRA-TL00C01B230, GRA-CL00 before GRA-CL00C92B230, GRA-CL10 before GRA-CL10C92B230, GRA-UL00 before GRA-UL00C00B230, and GRA-UL10 before GRA-UL10C00B230 and Mate S smartphones with software CRR-TL00 before CRR-TL00C01B160SP01, CRR-UL00 before CRR-UL00C00B160, and CRR-CL00 before CRR-CL00C92B161 allow attackers to cause a denial of service (system crash) via a crafted application, which triggers an invalid memory access."}, {"lang": "es", "value": "El controlador Maxim_smartpa_dev en smartphones Huawei P8 con software GRA-TL00 en versiones anteriores a GRA-TL00C01B230, GRA-CL00 en versiones anteriores a GRA-CL00C92B230, GRA-CL10 en versiones anteriores a GRA-CL10C92B230, GRA-UL00 en versiones anteriores a GRA-UL00C00B230 y GRA-UL10 en versiones anteriores a GRA-UL10C00B230 y smartphones Mate S con software CRR-TL00 en versiones anteriores a CRR-TL00C01B160SP01, CRR-UL00 en versiones anteriores a CRR-UL00C00B160 y CRR-CL00 en versiones anteriores a CRR-CL00C92B161 permiten a atacantes provocar una denegaci\u00f3n de servicio (ca\u00edda del sistema) a trav\u00e9s de una aplicaci\u00f3n manipulada, lo que desencadena en un acceso a memoria no v\u00e1lido."}], "id": "CVE-2015-8679", "lastModified": "2017-03-28T01:59:00.303", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-04-07T20:59:02.787", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160105-01-smartphone-en"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "nvd@nist.gov", "type": "Primary"}]}