Huawei Mate 8/Mate S/P8/P9 HiFi Driver memory corruption

A vulnerability, which was classified as critical, has been found in Huawei Mate 8, Mate S, P8 and P9. This issue affects some unknown processing of the component HiFi Driver. The manipulation leads to memory corruption. The CWE definition for the vulnerability is CWE-119. The bug was discovered 11/23/2016. The weakness was shared 04/02/2017 with Qihoo 360 as sa-20161123-02 (Website). The advisory is shared at huawei.com. The identification of this vulnerability is CVE-2016-8774. It is possible to launch the attack on the local host. There are no technical details available. There is no exploit available. The price for an exploit might be around USD $0-$5k at the moment. It is declared as not defined. The vulnerability was handled as a non-public zero-day exploit for at least 130 days. We expect the 0-day to have been worth approximately $5k-$25k. It is recommended to upgrade the affected component. A possible mitigation has been published even before and not after the disclosure of the vulnerability. The vulnerability is also documented other vulnerability databases: SecurityFocus (BID 94503).

Field04/03/2017 09:05 AM08/25/2020 09:20 AM11/24/2022 02:42 PM
typeSmartphone Operating SystemSmartphone Operating SystemSmartphone Operating System
vendorHuaweiHuaweiHuawei
nameMate 8/Mate S/P8/P9Mate 8/Mate S/P8/P9Mate 8/Mate S/P8/P9
componentHiFi DriverHiFi DriverHiFi Driver
cwe119 (memory corruption)119 (memory corruption)119 (memory corruption)
risk222
cvss2_vuldb_basescore7.27.27.2
cvss2_vuldb_tempscore6.36.36.3
cvss2_vuldb_avLLL
cvss2_vuldb_acLLL
cvss2_vuldb_auNNN
cvss2_vuldb_ciCCC
cvss2_vuldb_iiCCC
cvss2_vuldb_aiCCC
cvss2_nvd_avLLL
cvss2_nvd_acLLL
cvss2_nvd_auNNN
cvss2_nvd_ciCCC
cvss2_nvd_iiCCC
cvss2_nvd_aiCCC
cvss3_meta_basescore7.57.57.5
cvss3_meta_tempscore7.17.17.3
cvss3_vuldb_basescore8.28.28.2
cvss3_vuldb_tempscore7.87.87.8
cvss3_vuldb_avLLL
cvss3_vuldb_acLLL
cvss3_vuldb_prHHH
cvss3_vuldb_uiNNN
cvss3_vuldb_sCCC
cvss3_vuldb_cHHH
cvss3_vuldb_iHHH
cvss3_vuldb_aHHH
cvss3_nvd_avLLL
cvss3_nvd_acLLL
cvss3_nvd_prHHH
cvss3_nvd_uiNNN
cvss3_nvd_sUUU
cvss3_nvd_cHHH
cvss3_nvd_iHHH
cvss3_nvd_aHHH
date1491091200 (04/02/2017)1491091200 (04/02/2017)1491091200 (04/02/2017)
urlhttp://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161123-02-smartphone-enhttp://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161123-02-smartphone-enhttp://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161123-02-smartphone-en
price_0day$5k-$25k$5k-$25k$5k-$25k
nameUpgradeUpgradeUpgrade
cveCVE-2016-8774CVE-2016-8774CVE-2016-8774
cve_assigned1476748800 (10/18/2016)1476748800 (10/18/2016)1476748800 (10/18/2016)
cve_nvd_published149109120014910912001491091200
cve_nvd_summaryThe HIFI driver in Huawei Mate 8 phones with software versions before NXT-AL10C00B386, versions before NXT-CL00C92B386, versions before NXT-DL00C17B386, versions before NXT-TL00C01B386; Mate S phones with software Versions before CRR-CL00C92B368, Versions before CRR-CL20C92B368, Versions before CRR-TL00C01B368, Versions before CRR-UL00C00B368, Versions before CRR-UL20C00B368; P8 phones with software Versions before GRA-TL00C01B366, Versions before GRA-CL00C92B366, Versions before GRA-CL10C92B366, Versions before GRA-UL00C00B366, Versions before GRA-UL10C00B366; and P9 phones with software Versions before EVA-AL10C00B190, Versions before EVA-DL10C00B190, Versions before EVA-TL10C00B190, Versions before EVA-CL10C00B190 allows attackers to get root privilege or crash the system or execute arbitrary code, related to a buffer overflow.The HIFI driver in Huawei Mate 8 phones with software versions before NXT-AL10C00B386, versions before NXT-CL00C92B386, versions before NXT-DL00C17B386, versions before NXT-TL00C01B386; Mate S phones with software Versions before CRR-CL00C92B368, Versions before CRR-CL20C92B368, Versions before CRR-TL00C01B368, Versions before CRR-UL00C00B368, Versions before CRR-UL20C00B368; P8 phones with software Versions before GRA-TL00C01B366, Versions before GRA-CL00C92B366, Versions before GRA-CL10C92B366, Versions before GRA-UL00C00B366, Versions before GRA-UL10C00B366; and P9 phones with software Versions before EVA-AL10C00B190, Versions before EVA-DL10C00B190, Versions before EVA-TL10C00B190, Versions before EVA-CL10C00B190 allows attackers to get root privilege or crash the system or execute arbitrary code, related to a buffer overflow.The HIFI driver in Huawei Mate 8 phones with software versions before NXT-AL10C00B386, versions before NXT-CL00C92B386, versions before NXT-DL00C17B386, versions before NXT-TL00C01B386; Mate S phones with software Versions before CRR-CL00C92B368, Versions before CRR-CL20C92B368, Versions before CRR-TL00C01B368, Versions before CRR-UL00C00B368, Versions before CRR-UL20C00B368; P8 phones with software Versions before GRA-TL00C01B366, Versions before GRA-CL00C92B366, Versions before GRA-CL10C92B366, Versions before GRA-UL00C00B366, Versions before GRA-UL10C00B366; and P9 phones with software Versions before EVA-AL10C00B190, Versions before EVA-DL10C00B190, Versions before EVA-TL10C00B190, Versions before EVA-CL10C00B190 allows attackers to get root privilege or crash the system or execute arbitrary code, related to a buffer overflow.
securityfocus945039450394503
securityfocus_titleMultiple Huawei Products CVE-2016-8774 Local Buffer Overflow VulnerabilityMultiple Huawei Products CVE-2016-8774 Local Buffer Overflow VulnerabilityMultiple Huawei Products CVE-2016-8774 Local Buffer Overflow Vulnerability
locationWebsiteWebsiteWebsite
cvss2_vuldb_eNDNDND
cvss2_vuldb_rlOFOFOF
cvss2_vuldb_rcNDNDND
cvss3_vuldb_eXXX
cvss3_vuldb_rlOOO
cvss3_vuldb_rcXXX
0day_days130130130
cvss3_nvd_basescore6.76.76.7
discoverydate14798592001479859200
company_nameQihoo 360Qihoo 360
confirm_urlhttp://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161123-02-smartphone-enhttp://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161123-02-smartphone-en
osvdb_titleCVE-2016-8774 - Huawei - Mate 8 Firmware - HighCVE-2016-8774 - Huawei - Mate 8 Firmware - High
securityfocus_date1479945600 (11/24/2016)1479945600 (11/24/2016)
securityfocus_classBoundary Condition ErrorBoundary Condition Error
identifiersa-20161123-02
cvss2_nvd_basescore7.2

Do you know our Splunk app?

Download it now for free!