Huawei Mate 8 ION Memory Management input validation

A vulnerability was found in Huawei Mate 8 up to NXT-AL10C00B197/NXT-CL10C00B197/NXT-DL10C00B197/NXT-TL10C00B197. It has been rated as problematic. This issue affects some unknown processing of the component ION Memory Management. The manipulation leads to improper input validation. The CWE definition for the vulnerability is CWE-20. The bug was discovered 10/26/2016. The weakness was disclosed 04/02/2017 as sa-20161026-01 (Website). The advisory is shared at huawei.com. The identification of this vulnerability is CVE-2016-8756. Local access is required to approach this attack. There are no technical details available. There is no exploit available. The price for an exploit might be around USD $0-$5k at the moment. It is declared as not defined. The vulnerability was handled as a non-public zero-day exploit for at least 158 days. We expect the 0-day to have been worth approximately $0-$5k. A possible mitigation has been published even before and not after the disclosure of the vulnerability. The vulnerability is also documented other vulnerability databases: SecurityFocus (BID 93935).

Field04/03/2017 09:02 AM08/25/2020 07:57 AM11/24/2022 02:11 PM
typeSmartphone Operating SystemSmartphone Operating SystemSmartphone Operating System
vendorHuaweiHuaweiHuawei
nameMate 8Mate 8Mate 8
version<=NXT-AL10C00B197/NXT-CL10C00B197/NXT-DL10C00B197/NXT-TL10C00B197<=NXT-AL10C00B197/NXT-CL10C00B197/NXT-DL10C00B197/NXT-TL10C00B197<=NXT-AL10C00B197/NXT-CL10C00B197/NXT-DL10C00B197/NXT-TL10C00B197
componentION Memory ManagementION Memory ManagementION Memory Management
cwe20 (input validation)20 (input validation)20 (input validation)
risk111
cvss2_vuldb_basescore4.34.34.3
cvss2_vuldb_tempscore4.34.34.3
cvss2_vuldb_avNNN
cvss2_vuldb_acMMM
cvss2_vuldb_auNNN
cvss2_vuldb_ciNNN
cvss2_vuldb_iiNNN
cvss2_vuldb_aiPPP
cvss2_nvd_avNNN
cvss2_nvd_acMMM
cvss2_nvd_auNNN
cvss2_nvd_ciNNN
cvss2_nvd_iiNNN
cvss2_nvd_aiCCC
cvss3_meta_basescore4.44.44.4
cvss3_meta_tempscore4.44.44.4
cvss3_vuldb_basescore3.33.33.3
cvss3_vuldb_tempscore3.33.33.3
cvss3_vuldb_avLLL
cvss3_vuldb_acLLL
cvss3_vuldb_prNNN
cvss3_vuldb_uiRRR
cvss3_vuldb_sUUU
cvss3_vuldb_cNNN
cvss3_vuldb_iNNN
cvss3_vuldb_aLLL
cvss3_nvd_avLLL
cvss3_nvd_acLLL
cvss3_nvd_prNNN
cvss3_nvd_uiRRR
cvss3_nvd_sUUU
cvss3_nvd_cNNN
cvss3_nvd_iNNN
cvss3_nvd_aHHH
date1491091200 (04/02/2017)1491091200 (04/02/2017)1491091200 (04/02/2017)
urlhttp://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161026-01-smartphone-enhttp://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161026-01-smartphone-enhttp://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161026-01-smartphone-en
price_0day$0-$5k$0-$5k$0-$5k
cveCVE-2016-8756CVE-2016-8756CVE-2016-8756
cve_assigned1476748800 (10/18/2016)1476748800 (10/18/2016)1476748800 (10/18/2016)
cve_nvd_published149109120014910912001491091200
cve_nvd_summaryION memory management module in Huawei Mate 8 phones with software NXT-AL10C00B197 and earlier versions, NXT-DL10C00B197 and earlier versions, NXT-TL10C00B197 and earlier versions, NXT-CL10C00B197 and earlier versions allows attackers to cause a denial of service (restart).ION memory management module in Huawei Mate 8 phones with software NXT-AL10C00B197 and earlier versions, NXT-DL10C00B197 and earlier versions, NXT-TL10C00B197 and earlier versions, NXT-CL10C00B197 and earlier versions allows attackers to cause a denial of service (restart).ION memory management module in Huawei Mate 8 phones with software NXT-AL10C00B197 and earlier versions, NXT-DL10C00B197 and earlier versions, NXT-TL10C00B197 and earlier versions, NXT-CL10C00B197 and earlier versions allows attackers to cause a denial of service (restart).
securityfocus939359393593935
securityfocus_titleHuawei Mate 8 CVE-2016-8756 Local Denial of Service VulnerabilityHuawei Mate 8 CVE-2016-8756 Local Denial of Service VulnerabilityHuawei Mate 8 CVE-2016-8756 Local Denial of Service Vulnerability
seealso991999919999199
locationWebsiteWebsiteWebsite
cvss2_vuldb_eNDNDND
cvss2_vuldb_rlNDNDND
cvss2_vuldb_rcNDNDND
cvss3_vuldb_eXXX
cvss3_vuldb_rlXXX
cvss3_vuldb_rcXXX
0day_days158158158
cvss3_nvd_basescore5.55.55.5
discoverydate14774400001477440000
confirm_urlhttp://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161026-01-smartphone-enhttp://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161026-01-smartphone-en
osvdb_titleCVE-2016-8756 - Huawei - Mate 8 - Denial of Service IssueCVE-2016-8756 - Huawei - Mate 8 - Denial of Service Issue
securityfocus_date1477440000 (10/26/2016)1477440000 (10/26/2016)
securityfocus_classDesign ErrorDesign Error
identifiersa-20161026-01
cvss2_nvd_basescore7.1

Do you want to use VulDB in your project?

Use the official API to access entries easily!