Huawei P8 Lite/P9 Lite/P9 TrustZone Driver Memory input validation
A vulnerability was found in Huawei P8 Lite, P9 Lite and P9. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component TrustZone Driver. The manipulation leads to improper input validation (Memory). The CWE definition for the vulnerability is CWE-20. The bug was discovered 11/23/2016. The weakness was published 04/02/2017 as sa-20161123-01 (Website). The advisory is shared at huawei.com. This vulnerability is known as CVE-2016-8764. The attack needs to be approached locally. There are no technical details available. There is no exploit available. The price for an exploit might be around USD $0-$5k at the moment. It is declared as not defined. The vulnerability was handled as a non-public zero-day exploit for at least 130 days. We expect the 0-day to have been worth approximately $0-$5k. It is recommended to upgrade the affected component. A possible mitigation has been published even before and not after the disclosure of the vulnerability. The vulnerability is also documented other vulnerability databases: SecurityFocus (BID 94509).
Interested in the pricing of exploits?
See the underground prices here!