CVE-2015-8089 — HIGH (7.8) — White Hats Nepal

Vulnerability Description

The GPU driver in Huawei P7 phones with software P7-L00 before P7-L00C17B851, P7-L05 before P7-L05C00B851, and P7-L09 before P7-L09C92B851 allows local users to read or write to arbitrary kernel memory locations and consequently cause a denial of service (system crash) or gain privileges via a crafted application.

CVSS Score

7.8

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Huawei	P7-L09 Firmware	-
Huawei	P7-L09	-
Huawei	P7-L05 Firmware	-
Huawei	P7-L05	-
Huawei	P7-L00 Firmware	-
Huawei	P7-L00	-

Related Weaknesses (CWE)

CWE-264

References

http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/Vendor Advisory
http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/Vendor Advisory

FAQ

What is CVE-2015-8089?

CVE-2015-8089 is a vulnerability with a CVSS score of 7.8 (HIGH). The GPU driver in Huawei P7 phones with software P7-L00 before P7-L00C17B851, P7-L05 before P7-L05C00B851, and P7-L09 before P7-L09C92B851 allows local users to read or write to arbitrary kernel memor...

How severe is CVE-2015-8089?

CVE-2015-8089 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2015-8089?

Check the references section above for vendor advisories and patch information. Affected products include: Huawei P7-L09 Firmware, Huawei P7-L09, Huawei P7-L05 Firmware, Huawei P7-L05, Huawei P7-L00 Firmware.