Huawei P9/Honor 6 Touchscreen Driver memory corruption

A vulnerability, which was classified as critical, was found in Huawei P9 and Honor 6. This affects an unknown part of the component Touchscreen Driver. The manipulation leads to memory corruption. The CWE definition for the vulnerability is CWE-119. The bug was discovered 10/12/2016. The weakness was released 04/02/2017 with Qihoo 360 as sa-20161012-01 (Website). The advisory is shared at huawei.com. This vulnerability is uniquely identified as CVE-2016-8760. An attack has to be approached locally. There are no technical details available. There is no exploit available. The price for an exploit might be around USD $0-$5k at the moment. It is declared as not defined. The vulnerability was handled as a non-public zero-day exploit for at least 172 days. We expect the 0-day to have been worth approximately $5k-$25k. It is recommended to upgrade the affected component. A possible mitigation has been published even before and not after the disclosure of the vulnerability. The vulnerability is also documented other vulnerability databases: SecurityFocus (BID 93530).

Field04/03/2017 09:03 AM08/25/2020 08:47 AM11/24/2022 02:22 PM
typeSmartphone Operating SystemSmartphone Operating SystemSmartphone Operating System
vendorHuaweiHuaweiHuawei
nameP9/Honor 6P9/Honor 6P9/Honor 6
componentTouchscreen DriverTouchscreen DriverTouchscreen Driver
cwe119 (memory corruption)119 (memory corruption)119 (memory corruption)
risk222
historic000
cvss2_vuldb_basescore6.86.86.8
cvss2_vuldb_tempscore5.95.95.9
cvss2_vuldb_avNNN
cvss2_vuldb_acMMM
cvss2_vuldb_auNNN
cvss2_vuldb_ciPPP
cvss2_vuldb_iiPPP
cvss2_vuldb_aiPPP
cvss2_nvd_avNNN
cvss2_nvd_acMMM
cvss2_nvd_auNNN
cvss2_nvd_ciCCC
cvss2_nvd_iiCCC
cvss2_nvd_aiCCC
cvss3_meta_basescore6.56.56.5
cvss3_meta_tempscore6.36.36.4
cvss3_vuldb_basescore5.35.35.3
cvss3_vuldb_tempscore5.15.15.1
cvss3_vuldb_avLLL
cvss3_vuldb_acLLL
cvss3_vuldb_prNNN
cvss3_vuldb_uiRRR
cvss3_vuldb_sUUU
cvss3_vuldb_cLLL
cvss3_vuldb_iLLL
cvss3_vuldb_aLLL
cvss3_nvd_avLLL
cvss3_nvd_acLLL
cvss3_nvd_prNNN
cvss3_nvd_uiRRR
cvss3_nvd_sUUU
cvss3_nvd_cHHH
cvss3_nvd_iHHH
cvss3_nvd_aHHH
date1491091200 (04/02/2017)1491091200 (04/02/2017)1491091200 (04/02/2017)
urlhttp://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161012-01-smartphone-enhttp://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161012-01-smartphone-enhttp://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161012-01-smartphone-en
price_0day$5k-$25k$5k-$25k$5k-$25k
nameUpgradeUpgradeUpgrade
cveCVE-2016-8760CVE-2016-8760CVE-2016-8760
cve_assigned1476748800 (10/18/2016)1476748800 (10/18/2016)1476748800 (10/18/2016)
cve_nvd_published149109120014910912001491091200
cve_nvd_summaryTouchscreen driver in Huawei P9 phones with software versions before EVA-AL10C00B192 and Huawei Honor 6 phones with software versions before H60-L02_6.10.1 has a heap overflow vulnerability, which allows attackers to crash the system or escalate user privilege.Touchscreen driver in Huawei P9 phones with software versions before EVA-AL10C00B192 and Huawei Honor 6 phones with software versions before H60-L02_6.10.1 has a heap overflow vulnerability, which allows attackers to crash the system or escalate user privilege.Touchscreen driver in Huawei P9 phones with software versions before EVA-AL10C00B192 and Huawei Honor 6 phones with software versions before H60-L02_6.10.1 has a heap overflow vulnerability, which allows attackers to crash the system or escalate user privilege.
securityfocus935309353093530
securityfocus_titleMultiple Huawei Smart Phones Drivers Stack Buffer Overflow and Heap Buffer Overflow VulnerabilitiesMultiple Huawei Smart Phones Drivers Stack Buffer Overflow and Heap Buffer Overflow VulnerabilitiesMultiple Huawei Smart Phones Drivers Stack Buffer Overflow and Heap Buffer Overflow Vulnerabilities
seealso99200 9920299200 9920299200 99202
locationWebsiteWebsiteWebsite
cvss2_vuldb_eNDNDND
cvss2_vuldb_rlOFOFOF
cvss2_vuldb_rcNDNDND
cvss3_vuldb_eXXX
cvss3_vuldb_rlOOO
cvss3_vuldb_rcXXX
0day_days172172172
cvss3_nvd_basescore7.87.87.8
discoverydate14762304001476230400
company_nameQihoo 360Qihoo 360
confirm_urlhttp://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161012-01-smartphone-enhttp://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161012-01-smartphone-en
osvdb_titleCVE-2016-8760 - Huawei - Multiple Products - Buffer Overflow IssueCVE-2016-8760 - Huawei - Multiple Products - Buffer Overflow Issue
securityfocus_date1476230400 (10/12/2016)1476230400 (10/12/2016)
securityfocus_classUnknownUnknown
identifiersa-20161012-01
cvss2_nvd_basescore9.3

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!