Huawei P9 ION Memory Management information disclosure

A vulnerability classified as problematic has been found in Huawei P9 up to EVA-AL10C00B192/EVA-CL10C00B192/EVA-DL10C00B192/EVA-TL10C00B192. Affected is an unknown function of the component ION Memory Management. The manipulation leads to information disclosure. Using CWE to declare the problem leads to CWE-200. The bug was discovered 12/28/2016. The weakness was presented 04/02/2017 as sa-20161026-02 (Website). The advisory is available at huawei.com. This vulnerability is traded as CVE-2016-8757. Attacking locally is a requirement. There are no technical details available. There is no exploit available. The structure of the vulnerability defines a possible price range of USD $0-$5k at the moment. This vulnerability is assigned to T1592 by the MITRE ATT&CK project. It is declared as not defined. The vulnerability was handled as a non-public zero-day exploit for at least 95 days. As 0-day the estimated underground price was around $0-$5k. A possible mitigation has been published even before and not after the disclosure of the vulnerability. The vulnerability is also documented other vulnerability databases: SecurityFocus (BID 93932).

Field04/03/2017 09:02 AM08/25/2020 08:10 AM11/24/2022 02:12 PM
typeSmartphone Operating SystemSmartphone Operating SystemSmartphone Operating System
vendorHuaweiHuaweiHuawei
nameP9P9P9
version<=EVA-AL10C00B192/EVA-CL10C00B192/EVA-DL10C00B192/EVA-TL10C00B192<=EVA-AL10C00B192/EVA-CL10C00B192/EVA-DL10C00B192/EVA-TL10C00B192<=EVA-AL10C00B192/EVA-CL10C00B192/EVA-DL10C00B192/EVA-TL10C00B192
componentION Memory ManagementION Memory ManagementION Memory Management
cwe200 (information disclosure)200 (information disclosure)200 (information disclosure)
risk111
cvss2_vuldb_basescore4.34.34.3
cvss2_vuldb_tempscore4.34.34.3
cvss2_vuldb_avNNN
cvss2_vuldb_acMMM
cvss2_vuldb_auNNN
cvss2_vuldb_ciPPP
cvss2_vuldb_iiNNN
cvss2_vuldb_aiNNN
cvss2_nvd_avNNN
cvss2_nvd_acMMM
cvss2_nvd_auNNN
cvss2_nvd_ciPPP
cvss2_nvd_iiNNN
cvss2_nvd_aiNNN
cvss3_meta_basescore3.33.33.3
cvss3_meta_tempscore3.33.33.3
cvss3_vuldb_basescore3.33.33.3
cvss3_vuldb_tempscore3.33.33.3
cvss3_vuldb_avLLL
cvss3_vuldb_acLLL
cvss3_vuldb_prNNN
cvss3_vuldb_uiRRR
cvss3_vuldb_sUUU
cvss3_vuldb_cLLL
cvss3_vuldb_iNNN
cvss3_vuldb_aNNN
cvss3_nvd_avLLL
cvss3_nvd_acLLL
cvss3_nvd_prNNN
cvss3_nvd_uiRRR
cvss3_nvd_sUUU
cvss3_nvd_cLLL
cvss3_nvd_iNNN
cvss3_nvd_aNNN
date1491091200 (04/02/2017)1491091200 (04/02/2017)1491091200 (04/02/2017)
urlhttp://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161026-02-smartphone-enhttp://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161026-02-smartphone-enhttp://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161026-02-smartphone-en
price_0day$0-$5k$0-$5k$0-$5k
cveCVE-2016-8757CVE-2016-8757CVE-2016-8757
cve_assigned1476748800 (10/18/2016)1476748800 (10/18/2016)1476748800 (10/18/2016)
cve_nvd_published149109120014910912001491091200
cve_nvd_summaryION memory management module in Huawei P9 phones with software EVA-AL10C00B192 and earlier versions, EVA-DL10C00B192 and earlier versions, EVA-TL10C00B192 and earlier versions, EVA-CL10C00B192 and earlier versions allows attackers to obtain sensitive information from uninitialized memory.ION memory management module in Huawei P9 phones with software EVA-AL10C00B192 and earlier versions, EVA-DL10C00B192 and earlier versions, EVA-TL10C00B192 and earlier versions, EVA-CL10C00B192 and earlier versions allows attackers to obtain sensitive information from uninitialized memory.ION memory management module in Huawei P9 phones with software EVA-AL10C00B192 and earlier versions, EVA-DL10C00B192 and earlier versions, EVA-TL10C00B192 and earlier versions, EVA-CL10C00B192 and earlier versions allows attackers to obtain sensitive information from uninitialized memory.
securityfocus939329393293932
securityfocus_titleHuawei Smart Phone CVE-2016-8757 Local Information Disclosure VulnerabilityHuawei Smart Phone CVE-2016-8757 Local Information Disclosure VulnerabilityHuawei Smart Phone CVE-2016-8757 Local Information Disclosure Vulnerability
locationWebsiteWebsiteWebsite
cvss2_vuldb_eNDNDND
cvss2_vuldb_rlNDNDND
cvss2_vuldb_rcNDNDND
cvss3_vuldb_eXXX
cvss3_vuldb_rlXXX
cvss3_vuldb_rcXXX
0day_days959595
cvss3_nvd_basescore3.33.33.3
discoverydate14828832001482883200
confirm_urlhttp://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161026-02-smartphone-enhttp://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161026-02-smartphone-en
osvdb_titleCVE-2016-8757 - Huawei - P9 Firmware - MediumCVE-2016-8757 - Huawei - P9 Firmware - Medium
securityfocus_date1477440000 (10/26/2016)1477440000 (10/26/2016)
securityfocus_classDesign ErrorDesign Error
identifiersa-20161026-02
cvss2_nvd_basescore4.3

Want to stay up to date on a daily basis?

Enable the mail alert feature now!