A vulnerability classified as problematic has been found in Huawei P9 up to EVA-AL10C00B192/EVA-CL10C00B192/EVA-DL10C00B192/EVA-TL10C00B192. Affected is an unknown function of the component ION Memory Management. The manipulation leads to information disclosure. Using CWE to declare the problem leads to CWE-200. The bug was discovered 12/28/2016. The weakness was presented 04/02/2017 as sa-20161026-02 (Website). The advisory is available at huawei.com. This vulnerability is traded as CVE-2016-8757. Attacking locally is a requirement. There are no technical details available. There is no exploit available. The structure of the vulnerability defines a possible price range of USD $0-$5k at the moment. This vulnerability is assigned to T1592 by the MITRE ATT&CK project. It is declared as not defined. The vulnerability was handled as a non-public zero-day exploit for at least 95 days. As 0-day the estimated underground price was around $0-$5k. A possible mitigation has been published even before and not after the disclosure of the vulnerability. The vulnerability is also documented other vulnerability databases: SecurityFocus (BID 93932).
Want to stay up to date on a daily basis?
Enable the mail alert feature now!