PT-2017-9794 · Huawei · Huawei P8 Lite+2
Nick Stephens
·
Published
2017-04-02
·
Updated
2017-04-07
·
CVE-2016-8764
CVSS v3.1
6.4
Medium
| Vector | AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Huawei P9 versions earlier than EVA-AL10C00B352
Huawei P9 Lite versions VNS-L21C185B130 and earlier
Huawei P8 Lite versions ALE-L02C636B150 and earlier
Description
The issue is related to an input validation problem in the TrustZone driver. This allows attackers to read and write user-mode memory data anywhere in the TrustZone driver, potentially leading to unauthorized access or modification of sensitive data.
Recommendations
For Huawei P9 versions earlier than EVA-AL10C00B352, update to version EVA-AL10C00B352 or later.
For Huawei P9 Lite versions VNS-L21C185B130 and earlier, update to a version later than VNS-L21C185B130.
For Huawei P8 Lite versions ALE-L02C636B150 and earlier, update to a version later than ALE-L02C636B150.
Fix
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Huawei P8 Lite
Huawei P9
Huawei P9 Lite