Vulnerability Description
The TrustZone driver in Huawei P9 phones with software Versions earlier than EVA-AL10C00B352 and P9 Lite with software VNS-L21C185B130 and earlier versions and P8 Lite with software ALE-L02C636B150 and earlier versions has an input validation vulnerability, which allows attackers to read and write user-mode memory data anywhere in the TrustZone driver.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Huawei | P9 Firmware | - |
| Huawei | P9 | - |
| Huawei | P9 Lite Firmware | <= vns-l21c185b130 |
| Huawei | P9 Lite | - |
| Huawei | P8 Lite Firmware | <= ale-l02c636b150 |
| Huawei | P8 Lite | - |
Related Weaknesses (CWE)
References
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161123-01-smartphVendor Advisory
- http://www.securityfocus.com/bid/94509Third Party AdvisoryVDB Entry
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161123-01-smartphVendor Advisory
- http://www.securityfocus.com/bid/94509Third Party AdvisoryVDB Entry
FAQ
What is CVE-2016-8764?
CVE-2016-8764 is a vulnerability with a CVSS score of 6.4 (MEDIUM). The TrustZone driver in Huawei P9 phones with software Versions earlier than EVA-AL10C00B352 and P9 Lite with software VNS-L21C185B130 and earlier versions and P8 Lite with software ALE-L02C636B150 an...
How severe is CVE-2016-8764?
CVE-2016-8764 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-8764?
Check the references section above for vendor advisories and patch information. Affected products include: Huawei P9 Firmware, Huawei P9, Huawei P9 Lite Firmware, Huawei P9 Lite, Huawei P8 Lite Firmware.