CVE-2016-8774 — MEDIUM (6.7)

Vulnerability Description

The HIFI driver in Huawei Mate 8 phones with software versions before NXT-AL10C00B386, versions before NXT-CL00C92B386, versions before NXT-DL00C17B386, versions before NXT-TL00C01B386; Mate S phones with software Versions before CRR-CL00C92B368, Versions before CRR-CL20C92B368, Versions before CRR-TL00C01B368, Versions before CRR-UL00C00B368, Versions before CRR-UL20C00B368; P8 phones with software Versions before GRA-TL00C01B366, Versions before GRA-CL00C92B366, Versions before GRA-CL10C92B366, Versions before GRA-UL00C00B366, Versions before GRA-UL10C00B366; and P9 phones with software Versions before EVA-AL10C00B190, Versions before EVA-DL10C00B190, Versions before EVA-TL10C00B190, Versions before EVA-CL10C00B190 allows attackers to get root privilege or crash the system or execute arbitrary code, related to a buffer overflow.

CVSS Score

6.7

MEDIUM

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Huawei	Mate 8 Firmware	-
Huawei	Mate 8	-
Huawei	Mate S Firmware	-
Huawei	Mate S	-
Huawei	P8 Firmware	-
Huawei	P8	-
Huawei	P9 Firmware	-
Huawei	P9	-

Related Weaknesses (CWE)

CWE-119

References

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161123-02-smartphVendor Advisory
http://www.securityfocus.com/bid/94503Third Party AdvisoryVDB Entry
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161123-02-smartphVendor Advisory
http://www.securityfocus.com/bid/94503Third Party AdvisoryVDB Entry

FAQ

What is CVE-2016-8774?

CVE-2016-8774 is a vulnerability with a CVSS score of 6.7 (MEDIUM). The HIFI driver in Huawei Mate 8 phones with software versions before NXT-AL10C00B386, versions before NXT-CL00C92B386, versions before NXT-DL00C17B386, versions before NXT-TL00C01B386; Mate S phones ...

How severe is CVE-2016-8774?

CVE-2016-8774 has been rated MEDIUM with a CVSS base score of 6.7/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2016-8774?

Check the references section above for vendor advisories and patch information. Affected products include: Huawei Mate 8 Firmware, Huawei Mate 8, Huawei Mate S Firmware, Huawei Mate S, Huawei P8 Firmware.