Huawei Mate 8 ION Memory Management input validation

A vulnerability classified as problematic was found in Huawei Mate 8 up to NXT-AL10C00B561/NXT-CL10C00B561/NXT-DL10C00B561/NXT-TL10C00B561. Affected by this vulnerability is an unknown functionality of the component ION Memory Management. The manipulation leads to improper input validation. The CWE definition for the vulnerability is CWE-20. The bug was discovered 01/11/2017. The weakness was shared 04/02/2017 as sa-20170111-01 (Website). It is possible to read the advisory at huawei.com. This vulnerability is known as CVE-2016-8758. It is possible to launch the attack on the local host. There are no technical details available. There is no exploit available. The pricing for an exploit might be around USD $0-$5k at the moment. It is declared as not defined. The vulnerability was handled as a non-public zero-day exploit for at least 81 days. We expect the 0-day to have been worth approximately $0-$5k. A possible mitigation has been published even before and not after the disclosure of the vulnerability. The vulnerability is also documented other vulnerability databases: SecurityFocus (BID 95384).

Field04/03/2017 09:02 AM08/25/2020 08:25 AM11/24/2022 02:16 PM
typeSmartphone Operating SystemSmartphone Operating SystemSmartphone Operating System
vendorHuaweiHuaweiHuawei
nameMate 8Mate 8Mate 8
version<=NXT-AL10C00B561/NXT-CL10C00B561/NXT-DL10C00B561/NXT-TL10C00B561<=NXT-AL10C00B561/NXT-CL10C00B561/NXT-DL10C00B561/NXT-TL10C00B561<=NXT-AL10C00B561/NXT-CL10C00B561/NXT-DL10C00B561/NXT-TL10C00B561
componentION Memory ManagementION Memory ManagementION Memory Management
cwe20 (input validation)20 (input validation)20 (input validation)
risk111
cvss2_vuldb_basescore4.34.34.3
cvss2_vuldb_tempscore4.34.34.3
cvss2_vuldb_avNNN
cvss2_vuldb_acMMM
cvss2_vuldb_auNNN
cvss2_vuldb_ciNNN
cvss2_vuldb_iiNNN
cvss2_vuldb_aiPPP
cvss2_nvd_avNNN
cvss2_nvd_acMMM
cvss2_nvd_auNNN
cvss2_nvd_ciNNN
cvss2_nvd_iiNNN
cvss2_nvd_aiCCC
cvss3_meta_basescore4.44.44.4
cvss3_meta_tempscore4.44.44.4
cvss3_vuldb_basescore3.33.33.3
cvss3_vuldb_tempscore3.33.33.3
cvss3_vuldb_avLLL
cvss3_vuldb_acLLL
cvss3_vuldb_prNNN
cvss3_vuldb_uiRRR
cvss3_vuldb_sUUU
cvss3_vuldb_cNNN
cvss3_vuldb_iNNN
cvss3_vuldb_aLLL
cvss3_nvd_avLLL
cvss3_nvd_acLLL
cvss3_nvd_prNNN
cvss3_nvd_uiRRR
cvss3_nvd_sUUU
cvss3_nvd_cNNN
cvss3_nvd_iNNN
cvss3_nvd_aHHH
date1491091200 (04/02/2017)1491091200 (04/02/2017)1491091200 (04/02/2017)
urlhttp://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170111-01-smartphone-enhttp://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170111-01-smartphone-enhttp://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170111-01-smartphone-en
price_0day$0-$5k$0-$5k$0-$5k
cveCVE-2016-8758CVE-2016-8758CVE-2016-8758
cve_assigned1476748800 (10/18/2016)1476748800 (10/18/2016)1476748800 (10/18/2016)
cve_nvd_published149109120014910912001491091200
cve_nvd_summaryION memory management module in Huawei Mate8 phones with software NXT-AL10C00B561 and earlier versions, NXT-CL10C00B561 and earlier versions, NXT-DL10C00B561 and earlier versions, NXT-TL10C00B561 and earlier versions allows attackers to cause a denial of service (restart).ION memory management module in Huawei Mate8 phones with software NXT-AL10C00B561 and earlier versions, NXT-CL10C00B561 and earlier versions, NXT-DL10C00B561 and earlier versions, NXT-TL10C00B561 and earlier versions allows attackers to cause a denial of service (restart).ION memory management module in Huawei Mate8 phones with software NXT-AL10C00B561 and earlier versions, NXT-CL10C00B561 and earlier versions, NXT-DL10C00B561 and earlier versions, NXT-TL10C00B561 and earlier versions allows attackers to cause a denial of service (restart).
securityfocus953849538495384
securityfocus_titleHuawei M8 Products CVE-2016-8758 Local Denial of Service VulnerabilityHuawei M8 Products CVE-2016-8758 Local Denial of Service VulnerabilityHuawei M8 Products CVE-2016-8758 Local Denial of Service Vulnerability
seealso991979919799197
locationWebsiteWebsiteWebsite
cvss2_vuldb_eNDNDND
cvss2_vuldb_rlNDNDND
cvss2_vuldb_rcNDNDND
cvss3_vuldb_eXXX
cvss3_vuldb_rlXXX
cvss3_vuldb_rcXXX
0day_days818181
cvss3_nvd_basescore5.55.55.5
discoverydate14840928001484092800
confirm_urlhttp://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170111-01-smartphone-enhttp://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170111-01-smartphone-en
osvdb_titleCVE-2016-8758 - Huawei - Mate 8 - Denial of Service IssueCVE-2016-8758 - Huawei - Mate 8 - Denial of Service Issue
securityfocus_date1484092800 (01/11/2017)1484092800 (01/11/2017)
securityfocus_classDesign ErrorDesign Error
identifiersa-20170111-01
cvss2_nvd_basescore7.1

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!