CVE-2016-8762 - OpenCVE

The TrustZone driver in Huawei P9 phones with software Versions earlier than EVA-AL10C00B352 and P9 Lite with software VNS-L21C185B130 and earlier versions and P8 Lite with software ALE-L02C636B150 and earlier versions has an input validation vulnerability, which allows attackers to cause the system to restart.

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:L/AC:M/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Huawei	P9 Lite P8 Lite P8 Lite Firmware P9 P9 Lite Firmware P9 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:huawei:p9_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:huawei:p9:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:huawei:p9_lite_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:p9_lite:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:huawei:p8_lite_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:p8_lite:-:*:*:*:*:*:*:*

References

Link	Resource
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161123-01-smartphone-en	Vendor Advisory
http://www.securityfocus.com/bid/94509	Third Party Advisory VDB Entry

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: huawei

Published: 2017-04-02T20:00:00

Updated: 2017-04-03T09:57:01

Reserved: 2016-10-18T00:00:00

Link: CVE-2016-8762

JSON object: View

NVD Information

Status : Analyzed

Published: 2017-04-02T20:59:01.267

Modified: 2017-04-07T19:32:56.707

Link: CVE-2016-8762

JSON object: View

Redhat Information

No data.

CWE

CWE-20

{"containers": {"cna": {"affected": [{"product": "P9,P9 Lite,P8 Lite Versions earlier than EVA-AL10C00B352,VNS-L21C185B130 and earlier versions,ALE-L02C636B150 and earlier versions", "vendor": "n/a", "versions": [{"status": "affected", "version": "P9,P9 Lite,P8 Lite Versions earlier than EVA-AL10C00B352,VNS-L21C185B130 and earlier versions,ALE-L02C636B150 and earlier versions"}]}], "datePublic": "2017-03-27T00:00:00", "descriptions": [{"lang": "en", "value": "The TrustZone driver in Huawei P9 phones with software Versions earlier than EVA-AL10C00B352 and P9 Lite with software VNS-L21C185B130 and earlier versions and P8 Lite with software ALE-L02C636B150 and earlier versions has an input validation vulnerability, which allows attackers to cause the system to restart."}], "problemTypes": [{"descriptions": [{"description": "input validation", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-04-03T09:57:01", "orgId": "25ac1063-e409-4190-8079-24548c77ea2e", "shortName": "huawei"}, "references": [{"name": "94509", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/94509"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161123-01-smartphone-en"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@huawei.com", "ID": "CVE-2016-8762", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "P9,P9 Lite,P8 Lite Versions earlier than EVA-AL10C00B352,VNS-L21C185B130 and earlier versions,ALE-L02C636B150 and earlier versions", "version": {"version_data": [{"version_value": "P9,P9 Lite,P8 Lite Versions earlier than EVA-AL10C00B352,VNS-L21C185B130 and earlier versions,ALE-L02C636B150 and earlier versions"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The TrustZone driver in Huawei P9 phones with software Versions earlier than EVA-AL10C00B352 and P9 Lite with software VNS-L21C185B130 and earlier versions and P8 Lite with software ALE-L02C636B150 and earlier versions has an input validation vulnerability, which allows attackers to cause the system to restart."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "input validation"}]}]}, "references": {"reference_data": [{"name": "94509", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94509"}, {"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161123-01-smartphone-en", "refsource": "CONFIRM", "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161123-01-smartphone-en"}]}}}}, "cveMetadata": {"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e", "assignerShortName": "huawei", "cveId": "CVE-2016-8762", "datePublished": "2017-04-02T20:00:00", "dateReserved": "2016-10-18T00:00:00", "dateUpdated": "2017-04-03T09:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:p9_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "2FBF38FD-8B21-4A0E-BD4A-435DC908A2B3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:p9:-:*:*:*:*:*:*:*", "matchCriteriaId": "B1E734BC-513F-4FF6-B4AB-46A3AD8FA9BA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:p9_lite_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "DF064ADF-1E81-442F-AEE7-5BDC89948F63", "versionEndIncluding": "vns-l21c185b130", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:p9_lite:-:*:*:*:*:*:*:*", "matchCriteriaId": "866C3F90-FC3B-4A9F-8BAC-83A89077F96E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:p8_lite_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "9FA55A51-29D6-42E1-8A62-0335D5562166", "versionEndIncluding": "ale-l02c636b150", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:p8_lite:-:*:*:*:*:*:*:*", "matchCriteriaId": "AE2B9076-0E47-461F-BD6C-69FAB7572701", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "The TrustZone driver in Huawei P9 phones with software Versions earlier than EVA-AL10C00B352 and P9 Lite with software VNS-L21C185B130 and earlier versions and P8 Lite with software ALE-L02C636B150 and earlier versions has an input validation vulnerability, which allows attackers to cause the system to restart."}, {"lang": "es", "value": "El controlador TrustZone en tel\u00e9fonos Huawei P9 con versiones de software anteriores a EVA-AL10C00B352 y P9 Lite con software VNS-L21C185B130 y versiones anteriores y P8 Lite con software ALE-L02C636B150 y versiones anteriores tiene una vulnerabilidad de validaci\u00f3n de entrada, lo que permite a atacantes provocar el reinicio del sistema."}], "id": "CVE-2016-8762", "lastModified": "2017-04-07T19:32:56.707", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 1.9, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 1.3, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-04-02T20:59:01.267", "references": [{"source": "psirt@huawei.com", "tags": ["Vendor Advisory"], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161123-01-smartphone-en"}, {"source": "psirt@huawei.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/94509"}], "sourceIdentifier": "psirt@huawei.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}