A vulnerability was found in Huawei P8, P9 Lite and P9 and classified as problematic. This issue affects some unknown processing of the component TrustZone Driver. The manipulation leads to improper input validation. The CWE definition for the vulnerability is CWE-20. The bug was discovered 11/23/2016. The weakness was presented 04/02/2017 as sa-20161123-01 (Website). It is possible to read the advisory at huawei.com. The identification of this vulnerability is CVE-2016-8762. Attacking locally is a requirement. There are no technical details available. There is no exploit available. The pricing for an exploit might be around USD $0-$5k at the moment. It is declared as not defined. The vulnerability was handled as a non-public zero-day exploit for at least 130 days. We expect the 0-day to have been worth approximately $0-$5k. It is recommended to upgrade the affected component. A possible mitigation has been published even before and not after the disclosure of the vulnerability. The vulnerability is also documented other vulnerability databases: SecurityFocus (BID 94509).
Do you need the next level of professionalism?
Upgrade your account now!