Security Advisory - Multiple Security Vulnerabilities in Driver of Huawei Smart Phones

There are multiple security vulnerabilities in driver of some Huawei smart phones.

There are two interface access control vulnerabilities in Graphics driver. An attacker may trick a user into installing a malicious application and application can exploit the vulnerability to crash the system or escalate user privilege. (Vulnerability ID: HWPSIRT-2015-11010 and HWPSIRT-2015-11091)

The vulnerability HWPSIRT-2015-11010 has been assigned Common Vulnerabilities and Exposures (CVE) ID: CVE-2015-8307, the vulnerability HWPSIRT-2015-11091 has been assigned CVE ID: CVE-2015-8680.

There are two heap overflow vulnerabilities in HIFI driver. An attacker may trick a user into installing a malicious application and the application can send given parameter to HIFI driver to crash the system or escalate user privilege. (Vulnerability ID: HWPSIRT-2015-11028 and HWPSIRT-2015-11029)

The vulnerability HWPSIRT-2015-11028 has been assigned CVE ID: CVE-2015-8318, the vulnerability HWPSIRT-2015-11029 has been assigned CVE ID: CVE-2015-8319.

There is a interface access control vulnerability in ovisp driver. An attacker may trick a user into installing a malicious application and application can exploit the vulnerability to crash the system or escalate user privilege. (Vulnerability ID: HWPSIRT-2015-12003)

This vulnerability has been assigned CVE ID: CVE-2015-8681.

Huawei has released software updates to fix those vulnerabilities. This advisory is available at the following link:
<http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160104-04-smartphone-en&gt;