ID HUAWEI-SA-20160104-04-SMARTPHONE
Type huawei
Reporter Huawei Technologies
Modified 2016-02-03T00:00:00
Description
Products
Switches
Routers
WLAN
Servers
See All
Solutions
Cloud Data Center
Enterprise Networking
Wireless Private Network
Solutions by Industry
See All
Services
Training and Certification
ICT Lifecycle Services
Technology Services
Industry Solution Services
See All
See all offerings at e.huawei.com
Need Support ?
Product Support
Software Download
Community
Tools
Go to Full Support
{"id": "HUAWEI-SA-20160104-04-SMARTPHONE", "bulletinFamily": "software", "title": "Security Advisory - Multiple Security Vulnerabilities in Driver of Huawei Smart Phones", "description": "Products\n\nSwitches\nRouters\nWLAN\nServers\nSee All\n\n\n\nSolutions\n\nCloud Data Center\nEnterprise Networking\nWireless Private Network\nSolutions by Industry\nSee All\n\n\n\nServices\n\nTraining and Certification\nICT Lifecycle Services\nTechnology Services\nIndustry Solution Services\nSee All\n\n\n\nSee all offerings at e.huawei.com\n\n\n\nNeed Support ?\n\nProduct Support\nSoftware Download\nCommunity\nTools\n\nGo to Full Support", "published": "2016-01-04T00:00:00", "modified": "2016-02-03T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20160104-04-smartphone-en", "reporter": "Huawei Technologies", "references": [], "cvelist": ["CVE-2015-8680", "CVE-2015-8307", "CVE-2015-8319", "CVE-2015-8318", "CVE-2015-8681"], "type": "huawei", "lastseen": "2019-02-01T18:01:43", "edition": 1, "viewCount": 0, "enchantments": {"score": {"value": 5.4, "vector": "NONE", "modified": "2019-02-01T18:01:43", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2015-8319", "CVE-2015-8307", "CVE-2015-8680", "CVE-2015-8318", "CVE-2015-8681"]}], "modified": "2019-02-01T18:01:43", "rev": 2}, "vulnersScore": 5.4}, "affectedSoftware": [{"name": "P8", "operator": "eq", "version": "GRA-CL00C92B220 and earlier versions"}, {"name": "Mate S", "operator": "eq", "version": "CRR-CL00C92B153 and earlier versions"}, {"name": "Mate S", "operator": "eq", "version": "CRR-TL00C01B153SP01 and earlier versions"}, {"name": "P8", "operator": "eq", "version": "GRA-CL10C92B220 and earlier versions"}, {"name": "P8", "operator": "eq", "version": "GRA-UL00C00B220 and earlier versions"}, {"name": "P8", "operator": "eq", "version": "GRA-UL10C00B220 and earlier versions"}, {"name": "Mate S", "operator": "eq", "version": "CRR-UL00C00B153 and earlier versions"}, {"name": "P8", "operator": "eq", "version": "GRA-TL00C01B220 and earlier versions"}]}
{"cve": [{"lastseen": "2020-10-03T12:49:57", "description": "Heap-based buffer overflow in the HIFI driver in Huawei P8 smartphones with software GRA-TL00 before GRA-TL00C01B230, GRA-CL00 before GRA-CL00C92B230, GRA-CL10 before GRA-CL10C92B230, GRA-UL00 before GRA-UL00C00B230, and GRA-UL10 before GRA-UL10C00B230, and Mate S smartphones with software CRR-TL00 before CRR-TL00C01B160SP01, CRR-UL00 before CRR-UL00C00B160, and CRR-CL00 before CRR-CL00C92B161 allows attackers to cause a denial of service (system crash) or gain privileges via a crafted application, a different vulnerability than CVE-2015-8318.", "edition": 3, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-04-07T20:59:00", "title": "CVE-2015-8319", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-8319"], "modified": "2016-04-11T14:28:00", "cpe": ["cpe:/o:huawei:p8_firmware:gra-ul10", "cpe:/o:huawei:p8_firmware:gra-ul00", "cpe:/o:huawei:mate_s_firmware:crr-tl00", "cpe:/o:huawei:p8_firmware:gra-tl00", "cpe:/o:huawei:mate_s_firmware:crr-cl00", "cpe:/o:huawei:p8_firmware:gra-cl00", "cpe:/o:huawei:p8_firmware:gra-cl10", "cpe:/o:huawei:mate_s_firmware:crr-ul00"], "id": "CVE-2015-8319", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8319", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:huawei:p8_firmware:gra-tl00:*:*:*:*:*:*:*", "cpe:2.3:o:huawei:p8_firmware:gra-cl10:*:*:*:*:*:*:*", "cpe:2.3:o:huawei:p8_firmware:gra-ul10:*:*:*:*:*:*:*", "cpe:2.3:o:huawei:mate_s_firmware:crr-tl00:*:*:*:*:*:*:*", "cpe:2.3:o:huawei:mate_s_firmware:crr-ul00:*:*:*:*:*:*:*", "cpe:2.3:o:huawei:p8_firmware:gra-ul00:*:*:*:*:*:*:*", "cpe:2.3:o:huawei:p8_firmware:gra-cl00:*:*:*:*:*:*:*", "cpe:2.3:o:huawei:mate_s_firmware:crr-cl00:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T12:49:56", "description": "The Graphics driver in Huawei P8 smartphones with software GRA-TL00 before GRA-TL00C01B230, GRA-CL00 before GRA-CL00C92B230, GRA-CL10 before GRA-CL10C92B230, GRA-UL00 before GRA-UL00C00B230, and GRA-UL10 before GRA-UL10C00B230, and Mate S smartphones with software CRR-TL00 before CRR-TL00C01B160SP01, CRR-UL00 before CRR-UL00C00B160, and CRR-CL00 before CRR-CL00C92B161 allows attackers to cause a denial of service (system crash) or gain privileges via a crafted application with the graphics permission, aka an \"interface access control vulnerability,\" a different vulnerability than CVE-2015-8680.", "edition": 3, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-04-07T20:59:00", "title": "CVE-2015-8307", "type": "cve", "cwe": ["CWE-284"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-8307"], "modified": "2016-04-11T14:17:00", "cpe": ["cpe:/o:huawei:p8_firmware:gra-ul10", "cpe:/o:huawei:p8_firmware:gra-ul00", "cpe:/o:huawei:mate_s_firmware:crr-tl00", "cpe:/o:huawei:p8_firmware:gra-tl00", "cpe:/o:huawei:mate_s_firmware:crr-cl00", "cpe:/o:huawei:p8_firmware:gra-cl00", "cpe:/o:huawei:p8_firmware:gra-cl10", "cpe:/o:huawei:mate_s_firmware:crr-ul00"], "id": "CVE-2015-8307", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8307", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:huawei:p8_firmware:gra-tl00:*:*:*:*:*:*:*", "cpe:2.3:o:huawei:p8_firmware:gra-cl10:*:*:*:*:*:*:*", "cpe:2.3:o:huawei:p8_firmware:gra-ul10:*:*:*:*:*:*:*", "cpe:2.3:o:huawei:mate_s_firmware:crr-tl00:*:*:*:*:*:*:*", "cpe:2.3:o:huawei:mate_s_firmware:crr-ul00:*:*:*:*:*:*:*", "cpe:2.3:o:huawei:p8_firmware:gra-ul00:*:*:*:*:*:*:*", "cpe:2.3:o:huawei:p8_firmware:gra-cl00:*:*:*:*:*:*:*", "cpe:2.3:o:huawei:mate_s_firmware:crr-cl00:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T12:49:57", "description": "Heap-based buffer overflow in the HIFI driver in Huawei P8 smartphones with software GRA-TL00 before GRA-TL00C01B230, GRA-CL00 before GRA-CL00C92B230, GRA-CL10 before GRA-CL10C92B230, GRA-UL00 before GRA-UL00C00B230, and GRA-UL10 before GRA-UL10C00B230, and Mate S smartphones with software CRR-TL00 before CRR-TL00C01B160SP01, CRR-UL00 before CRR-UL00C00B160, and CRR-CL00 before CRR-CL00C92B161 allows attackers to cause a denial of service (system crash) or gain privileges via a crafted application, a different vulnerability than CVE-2015-8319.", "edition": 3, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-04-07T20:59:00", "title": "CVE-2015-8318", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-8318"], "modified": "2016-04-11T14:27:00", "cpe": ["cpe:/o:huawei:p8_firmware:gra-ul10", "cpe:/o:huawei:p8_firmware:gra-ul00", "cpe:/o:huawei:mate_s_firmware:crr-tl00", "cpe:/o:huawei:p8_firmware:gra-tl00", "cpe:/o:huawei:mate_s_firmware:crr-cl00", "cpe:/o:huawei:p8_firmware:gra-cl00", "cpe:/o:huawei:p8_firmware:gra-cl10", "cpe:/o:huawei:mate_s_firmware:crr-ul00"], "id": "CVE-2015-8318", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8318", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:huawei:p8_firmware:gra-tl00:*:*:*:*:*:*:*", "cpe:2.3:o:huawei:p8_firmware:gra-cl10:*:*:*:*:*:*:*", "cpe:2.3:o:huawei:p8_firmware:gra-ul10:*:*:*:*:*:*:*", "cpe:2.3:o:huawei:mate_s_firmware:crr-tl00:*:*:*:*:*:*:*", "cpe:2.3:o:huawei:mate_s_firmware:crr-ul00:*:*:*:*:*:*:*", "cpe:2.3:o:huawei:p8_firmware:gra-ul00:*:*:*:*:*:*:*", "cpe:2.3:o:huawei:p8_firmware:gra-cl00:*:*:*:*:*:*:*", "cpe:2.3:o:huawei:mate_s_firmware:crr-cl00:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T12:49:57", "description": "The Graphics driver in Huawei P8 smartphones with software GRA-TL00 before GRA-TL00C01B230, GRA-CL00 before GRA-CL00C92B230, GRA-CL10 before GRA-CL10C92B230, GRA-UL00 before GRA-UL00C00B230, and GRA-UL10 before GRA-UL10C00B230, and Mate S smartphones with software CRR-TL00 before CRR-TL00C01B160SP01, CRR-UL00 before CRR-UL00C00B160, and CRR-CL00 before CRR-CL00C92B161 allows attackers to cause a denial of service (system crash) or gain privileges via a crafted application with the graphics permission, aka an \"interface access control vulnerability,\" a different vulnerability than CVE-2015-8307.", "edition": 3, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-04-07T20:59:00", "title": "CVE-2015-8680", "type": "cve", "cwe": ["CWE-284"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-8680"], "modified": "2016-04-11T14:29:00", "cpe": ["cpe:/o:huawei:p8_firmware:gra-ul10", "cpe:/o:huawei:p8_firmware:gra-ul00", "cpe:/o:huawei:mate_s_firmware:crr-tl00", "cpe:/o:huawei:p8_firmware:gra-tl00", "cpe:/o:huawei:mate_s_firmware:crr-cl00", "cpe:/o:huawei:p8_firmware:gra-cl00", "cpe:/o:huawei:p8_firmware:gra-cl10", "cpe:/o:huawei:mate_s_firmware:crr-ul00", "cpe:/h:huawei:p8:-"], "id": "CVE-2015-8680", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8680", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:huawei:p8_firmware:gra-tl00:*:*:*:*:*:*:*", "cpe:2.3:o:huawei:p8_firmware:gra-cl10:*:*:*:*:*:*:*", "cpe:2.3:o:huawei:p8_firmware:gra-ul10:*:*:*:*:*:*:*", "cpe:2.3:o:huawei:mate_s_firmware:crr-tl00:*:*:*:*:*:*:*", "cpe:2.3:o:huawei:mate_s_firmware:crr-ul00:*:*:*:*:*:*:*", "cpe:2.3:h:huawei:p8:-:*:*:*:*:*:*:*", "cpe:2.3:o:huawei:p8_firmware:gra-ul00:*:*:*:*:*:*:*", "cpe:2.3:o:huawei:p8_firmware:gra-cl00:*:*:*:*:*:*:*", "cpe:2.3:o:huawei:mate_s_firmware:crr-cl00:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T12:49:57", "description": "The ovisp driver in Huawei P8 smartphones with software GRA-TL00 before GRA-TL00C01B230, GRA-CL00 before GRA-CL00C92B230, GRA-CL10 before GRA-CL10C92B230, GRA-UL00 before GRA-UL00C00B230, and GRA-UL10 before GRA-UL10C00B230, and Mate S smartphones with software CRR-TL00 before CRR-TL00C01B160SP01, CRR-UL00 before CRR-UL00C00B160, and CRR-CL00 before CRR-CL00C92B161 allows attackers to cause a denial of service (system crash) or gain privileges via a crafted application with the camera permission, aka an \"interface access control vulnerability.\"", "edition": 3, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-04-07T20:59:00", "title": "CVE-2015-8681", "type": "cve", "cwe": ["CWE-284"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-8681"], "modified": "2016-04-11T14:30:00", "cpe": ["cpe:/o:huawei:p8_firmware:gra-ul10", "cpe:/o:huawei:p8_firmware:gra-ul00", "cpe:/o:huawei:mate_s_firmware:crr-tl00", "cpe:/o:huawei:p8_firmware:gra-tl00", "cpe:/o:huawei:mate_s_firmware:crr-cl00", "cpe:/o:huawei:p8_firmware:gra-cl00", "cpe:/o:huawei:p8_firmware:gra-cl10", "cpe:/o:huawei:mate_s_firmware:crr-ul00"], "id": "CVE-2015-8681", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8681", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:huawei:p8_firmware:gra-tl00:*:*:*:*:*:*:*", "cpe:2.3:o:huawei:p8_firmware:gra-cl10:*:*:*:*:*:*:*", "cpe:2.3:o:huawei:p8_firmware:gra-ul10:*:*:*:*:*:*:*", "cpe:2.3:o:huawei:mate_s_firmware:crr-tl00:*:*:*:*:*:*:*", "cpe:2.3:o:huawei:mate_s_firmware:crr-ul00:*:*:*:*:*:*:*", "cpe:2.3:o:huawei:p8_firmware:gra-ul00:*:*:*:*:*:*:*", "cpe:2.3:o:huawei:p8_firmware:gra-cl00:*:*:*:*:*:*:*", "cpe:2.3:o:huawei:mate_s_firmware:crr-cl00:*:*:*:*:*:*:*"]}]}