CVE-2016-8764

EPSS 0.03%
Published 02.04.2017 20:59:01
Last modified 20.04.2025 01:37:25
Source psirt@huawei.com
Teams watchlist Login
Open Login

The TrustZone driver in Huawei P9 phones with software Versions earlier than EVA-AL10C00B352 and P9 Lite with software VNS-L21C185B130 and earlier versions and P8 Lite with software ALE-L02C636B150 and earlier versions has an input validation vulnerability, which allows attackers to read and write user-mode memory data anywhere in the TrustZone driver.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Huawei ≫ P9 Firmware Version-

Huawei ≫ P9 Version-

Huawei ≫ P9 Lite Firmware Version <= vns-l21c185b130

Huawei ≫ P9 Lite Version-

Huawei ≫ P8 Lite Firmware Version <= ale-l02c636b150

Huawei ≫ P8 Lite Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.03%	0.058

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.4	0.5	5.9	CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	4.1	2.7	6.4	AV:L/AC:M/Au:S/C:P/I:P/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161123-01-smartphone-en

Vendor Advisory

http://www.securityfocus.com/bid/94509

Third Party Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2016-8764

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-8764

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-8764

EUVD