CVE-2015-8682 - OpenCVE

The Video0 driver in Huawei P8 smartphones with software GRA-UL00 before GRA-UL00C00B350, GRA-UL10 before GRA-UL10C00B350, GRA-TL00 before GRA-TL00C01B350, GRA-CL00 before GRA-CL00C92B350, and GRA-CL10 before GRA-CL10C92B350 and Mate S smartphones with software CRR-TL00 before CRR-TL00C01B160SP01, CRR-UL00 before CRR-UL00C00B160, and CRR-CL00 before CRR-CL00C92B161 allows attackers to obtain sensitive information from stack memory or cause a denial of service (system crash) via a crafted application, which triggers an invalid memory access.

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact Complete

AV:N/AC:M/Au:N/C:P/I:N/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Huawei	P8 Firmware Mate S Firmware P8 Mate S

Configuration 1 [-]

AND

cpe:2.3:h:huawei:mate_s:-:*:*:*:*:*:*:*

OR	cpe:2.3:a:huawei:mate_s_firmware::::::::
	cpe:2.3:a:huawei:mate_s_firmware::::::::
	cpe:2.3:a:huawei:mate_s_firmware::::::::

Configuration 2 [-]

AND

cpe:2.3:h:huawei:p8:-:*:*:*:*:*:*:*

OR	cpe:2.3:a:huawei:p8_firmware::::::::
	cpe:2.3:a:huawei:p8_firmware::::::::
	cpe:2.3:a:huawei:p8_firmware::::::::
	cpe:2.3:a:huawei:p8_firmware::::::::
	cpe:2.3:a:huawei:p8_firmware::::::::

References

Link	Resource
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160130-01-smartphone-en	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2016-04-13T14:00:00

Updated: 2016-04-13T13:57:01

Reserved: 2015-12-25T00:00:00

Link: CVE-2015-8682

JSON object: View

NVD Information

Status : Analyzed

Published: 2016-04-13T14:59:04.923

Modified: 2016-04-20T14:28:39.853

Link: CVE-2015-8682

JSON object: View

Redhat Information

No data.

CWE

CWE-20

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-01-30T00:00:00", "descriptions": [{"lang": "en", "value": "The Video0 driver in Huawei P8 smartphones with software GRA-UL00 before GRA-UL00C00B350, GRA-UL10 before GRA-UL10C00B350, GRA-TL00 before GRA-TL00C01B350, GRA-CL00 before GRA-CL00C92B350, and GRA-CL10 before GRA-CL10C92B350 and Mate S smartphones with software CRR-TL00 before CRR-TL00C01B160SP01, CRR-UL00 before CRR-UL00C00B160, and CRR-CL00 before CRR-CL00C92B161 allows attackers to obtain sensitive information from stack memory or cause a denial of service (system crash) via a crafted application, which triggers an invalid memory access."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-04-13T13:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160130-01-smartphone-en"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-8682", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Video0 driver in Huawei P8 smartphones with software GRA-UL00 before GRA-UL00C00B350, GRA-UL10 before GRA-UL10C00B350, GRA-TL00 before GRA-TL00C01B350, GRA-CL00 before GRA-CL00C92B350, and GRA-CL10 before GRA-CL10C92B350 and Mate S smartphones with software CRR-TL00 before CRR-TL00C01B160SP01, CRR-UL00 before CRR-UL00C00B160, and CRR-CL00 before CRR-CL00C92B161 allows attackers to obtain sensitive information from stack memory or cause a denial of service (system crash) via a crafted application, which triggers an invalid memory access."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160130-01-smartphone-en", "refsource": "CONFIRM", "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160130-01-smartphone-en"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-8682", "datePublished": "2016-04-13T14:00:00", "dateReserved": "2015-12-25T00:00:00", "dateUpdated": "2016-04-13T13:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:mate_s:-:*:*:*:*:*:*:*", "matchCriteriaId": "B240A6C3-B8D7-4755-A74C-BE37FDE7CBF1", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:huawei:mate_s_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "CCF745F4-24D1-4319-9C4E-4967F71EE130", "versionEndIncluding": "crr-cl00c92b153", "vulnerable": true}, {"criteria": "cpe:2.3:a:huawei:mate_s_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "24843F43-7879-4211-BAB1-F7911D8BDC4C", "versionEndIncluding": "crr-tl00c01b153sp01", "vulnerable": true}, {"criteria": "cpe:2.3:a:huawei:mate_s_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "29470554-85C1-4074-BEA8-46FB3C32AE07", "versionEndIncluding": "crr-ul00c00b153", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:p8:-:*:*:*:*:*:*:*", "matchCriteriaId": "F43A4D21-F16A-4277-A7AF-9ADBC3429F4C", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:huawei:p8_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "A53A2854-71CD-41CF-A56F-92F31DDD5BE3", "versionEndIncluding": "gra-cl00c92b230", "vulnerable": true}, {"criteria": "cpe:2.3:a:huawei:p8_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "8D64BE60-9809-4B23-8986-935A03EB1AB0", "versionEndIncluding": "gra-cl10c92b230", "vulnerable": true}, {"criteria": "cpe:2.3:a:huawei:p8_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "8283CD77-90B3-43CB-82AF-6BEB70618289", "versionEndIncluding": "gra-tl00c01b230", "vulnerable": true}, {"criteria": "cpe:2.3:a:huawei:p8_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D06BDBE6-5C3B-464F-9F76-D90FA1C3B10E", "versionEndIncluding": "gra-ul00c00b230", "vulnerable": true}, {"criteria": "cpe:2.3:a:huawei:p8_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "78CB750E-C642-4A4D-8724-6A15A72EE8C5", "versionEndIncluding": "gra-ul10c00b230", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "The Video0 driver in Huawei P8 smartphones with software GRA-UL00 before GRA-UL00C00B350, GRA-UL10 before GRA-UL10C00B350, GRA-TL00 before GRA-TL00C01B350, GRA-CL00 before GRA-CL00C92B350, and GRA-CL10 before GRA-CL10C92B350 and Mate S smartphones with software CRR-TL00 before CRR-TL00C01B160SP01, CRR-UL00 before CRR-UL00C00B160, and CRR-CL00 before CRR-CL00C92B161 allows attackers to obtain sensitive information from stack memory or cause a denial of service (system crash) via a crafted application, which triggers an invalid memory access."}, {"lang": "es", "value": "El controlador Video0 en smartphones Huawei P8 con software GRA-UL00 en versiones anteriores a GRA-UL00C00B350, GRA-UL10 en versiones anteriores a GRA-UL10C00B350, GRA-TL00 en versiones anteriores a GRA-TL00C01B350, GRA-CL00 en versiones anteriores a GRA-CL00C92B350 y GRA-CL10 en versiones anteriores a GRA-CL10C92B350 y smartphones Mate S con software CRR-TL00 en versiones anteriores a CRR-TL00C01B160SP01, CRR-UL00 en versiones anteriores a CRR-UL00C00B160 y CRR-CL00 en versiones anteriores a CRR-CL00C92B161 permite a atacantes obtener informaci\u00f3n sensible de la memoria de pila o provocar una denegaci\u00f3n de servicio (ca\u00edda de sistema) a trav\u00e9s de una aplicaci\u00f3n manipulada, lo que desencadena un acceso de memoria no v\u00e1lido."}], "id": "CVE-2015-8682", "lastModified": "2016-04-20T14:28:39.853", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 7.8, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 4.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-04-13T14:59:04.923", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160130-01-smartphone-en"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}