Huawei P8 Lite/P9 Lite/P9 TrustZone Driver Memory input validation

A vulnerability was found in Huawei P8 Lite, P9 Lite and P9. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component TrustZone Driver. The manipulation leads to improper input validation (Memory). The CWE definition for the vulnerability is CWE-20. The bug was discovered on 11/23/2016. The weakness was published on 04/02/2017 as sa-20161123-01 (Website). The advisory is shared at huawei.com. This vulnerability is known as CVE-2016-8764. The attack requires local access. There are no technical details available. There is no exploit available. The price for an exploit might be around USD $0-$5k at the moment. Its exploit status is declared as not defined. The vulnerability was handled as a non-public zero-day exploit for at least 130 days. We expect the 0-day to have been worth approximately $0-$5k. It is recommended to upgrade the affected component. A possible mitigation was published before the disclosure of the vulnerability. The vulnerability is also documented in other vulnerability databases: SecurityFocus (BID 94509).

| Field | 04/03/2017 09:04 AM | 08/25/2020 09:09 AM | 11/24/2022 02:32 PM |
| --- | --- | --- | --- |
| type | Smartphone Operating System | Smartphone Operating System | Smartphone Operating System |
| vendor | Huawei | Huawei | Huawei |
| name | P8 Lite/P9 Lite/P9 | P8 Lite/P9 Lite/P9 | P8 Lite/P9 Lite/P9 |
| component | TrustZone Driver | TrustZone Driver | TrustZone Driver |
| cwe | 20 (input validation) | 20 (input validation) | 20 (input validation) |
| risk | 1 | 1 | 1 |
| historic | 0 | 0 | 0 |
| cvss2_vuldb_basescore | 1.5 | 1.5 | 1.5 |
| cvss2_vuldb_tempscore | 1.3 | 1.3 | 1.3 |
| cvss2_vuldb_av | L | L | L |
| cvss2_vuldb_ac | M | M | M |
| cvss2_vuldb_au | S | S | S |
| cvss2_vuldb_ci | P | P | P |
| cvss2_vuldb_ii | N | N | N |
| cvss2_vuldb_ai | N | N | N |
| cvss2_nvd_av | L | L | L |
| cvss2_nvd_ac | M | M | M |
| cvss2_nvd_au | S | S | S |
| cvss2_nvd_ci | P | P | P |
| cvss2_nvd_ii | P | P | P |
| cvss2_nvd_ai | P | P | P |
| cvss3_meta_basescore | 4.1 | 4.1 | 4.1 |
| cvss3_meta_tempscore | 4.0 | 4.0 | 4.1 |
| cvss3_vuldb_basescore | 1.9 | 1.9 | 1.9 |
| cvss3_vuldb_tempscore | 1.9 | 1.9 | 1.9 |
| cvss3_vuldb_av | L | L | L |
| cvss3_vuldb_ac | H | H | H |
| cvss3_vuldb_pr | H | H | H |
| cvss3_vuldb_ui | N | N | N |
| cvss3_vuldb_s | U | U | U |
| cvss3_vuldb_c | L | L | L |
| cvss3_vuldb_i | N | N | N |
| cvss3_vuldb_a | N | N | N |
| cvss3_nvd_av | L | L | L |
| cvss3_nvd_ac | H | H | H |
| cvss3_nvd_pr | H | H | H |
| cvss3_nvd_ui | N | N | N |
| cvss3_nvd_s | U | U | U |
| cvss3_nvd_c | H | H | H |
| cvss3_nvd_i | H | H | H |
| cvss3_nvd_a | H | H | H |
| titleword | Memory | Memory | Memory |
| date | 1491091200 (04/02/2017) | 1491091200 (04/02/2017) | 1491091200 (04/02/2017) |
| url | http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161123-01-smartphone-en | http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161123-01-smartphone-en | http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161123-01-smartphone-en |
| price_0day | $0-$5k | $0-$5k | $0-$5k |
| name | Upgrade | Upgrade | Upgrade |
| cve | CVE-2016-8764 | CVE-2016-8764 | CVE-2016-8764 |
| cve_assigned | 1476748800 (10/18/2016) | 1476748800 (10/18/2016) | 1476748800 (10/18/2016) |
| cve_nvd_published | 1491091200 | 1491091200 | 1491091200 |
| cve_nvd_summary | The TrustZone driver in Huawei P9 phones with software Versions earlier than EVA-AL10C00B352 and P9 Lite with software VNS-L21C185B130 and earlier versions and P8 Lite with software ALE-L02C636B150 and earlier versions has an input validation vulnerability, which allows attackers to read and write user-mode memory data anywhere in the TrustZone driver. | The TrustZone driver in Huawei P9 phones with software Versions earlier than EVA-AL10C00B352 and P9 Lite with software VNS-L21C185B130 and earlier versions and P8 Lite with software ALE-L02C636B150 and earlier versions has an input validation vulnerability, which allows attackers to read and write user-mode memory data anywhere in the TrustZone driver. | The TrustZone driver in Huawei P9 phones with software Versions earlier than EVA-AL10C00B352 and P9 Lite with software VNS-L21C185B130 and earlier versions and P8 Lite with software ALE-L02C636B150 and earlier versions has an input validation vulnerability, which allows attackers to read and write user-mode memory data anywhere in the TrustZone driver. |
| securityfocus | 94509 | 94509 | 94509 |
| securityfocus_title | Multiple Huawei Products Local Multiple Security Vulnerabilities | Multiple Huawei Products Local Multiple Security Vulnerabilities | Multiple Huawei Products Local Multiple Security Vulnerabilities |
| seealso | 99203 99204 | 99203 99204 | 99203 99204 |
| location | Website | Website | Website |
| cvss2_vuldb_e | ND | ND | ND |
| cvss2_vuldb_rl | OF | OF | OF |
| cvss2_vuldb_rc | ND | ND | ND |
| cvss3_vuldb_e | X | X | X |
| cvss3_vuldb_rl | O | O | O |
| cvss3_vuldb_rc | X | X | X |
| 0day_days | 130 | 130 | 130 |
| cvss3_nvd_basescore | 6.4 | 6.4 | 6.4 |
| discoverydate | | 1479859200 | 1479859200 |
| confirm_url | | http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161123-01-smartphone-en | http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161123-01-smartphone-en |
| osvdb_title | | CVE-2016-8764 - Huawei - Multiple Products - Security Bypass Issue | CVE-2016-8764 - Huawei - Multiple Products - Security Bypass Issue |
| securityfocus_date | | 1479945600 (11/24/2016) | 1479945600 (11/24/2016) |
| securityfocus_class | | Boundary Condition Error | Boundary Condition Error |
| identifier | | | sa-20161123-01 |
| cvss2_nvd_basescore | | | 4.1 |
