Security Advisory - Multiple Security Vulnerabilities in Driver of Huawei Smart Phones

2016-01-04T00:00:00
ID HUAWEI-SA-20160104-04-SMARTPHONE
Type huawei
Reporter Huawei Technologies
Modified 2016-02-03T00:00:00

Description

There are multiple security vulnerabilities in driver of some Huawei smart phones. There are two interface access control vulnerabilities in Graphics driver. An attacker may trick a user into installing a malicious application and application can exploit the vulnerability to crash the system or escalate user privilege. (Vulnerability ID: HWPSIRT-2015-11010 and HWPSIRT-2015-11091) The vulnerability HWPSIRT-2015-11010 has been assigned Common Vulnerabilities and Exposures (CVE) ID: CVE-2015-8307, the vulnerability HWPSIRT-2015-11091 has been assigned CVE ID: CVE-2015-8680. There are two heap overflow vulnerabilities in HIFI driver. An attacker may trick a user into installing a malicious application and the application can send given parameter to HIFI driver to crash the system or escalate user privilege. (Vulnerability ID: HWPSIRT-2015-11028 and HWPSIRT-2015-11029) The vulnerability HWPSIRT-2015-11028 has been assigned CVE ID: CVE-2015-8318, the vulnerability HWPSIRT-2015-11029 has been assigned CVE ID: CVE-2015-8319. There is a interface access control vulnerability in ovisp driver. An attacker may trick a user into installing a malicious application and application can exploit the vulnerability to crash the system or escalate user privilege. (Vulnerability ID: HWPSIRT-2015-12003) This vulnerability has been assigned CVE ID: CVE-2015-8681. Huawei has released software updates to fix those vulnerabilities. This advisory is available at the following link: http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160104-04-smartphone-en