Security Advisory - Buffer Overflow Vulnerability in HIFI Driver of Huawei Smart Phone

2016-11-23T00:00:00
ID HUAWEI-SA-20161123-02-SMARTPHONE
Type huawei
Reporter Huawei Technologies
Modified 2016-11-23T00:00:00

Description

The HIFI driver of some Huawei products has buffer overflow vulnerability due to the lack of a parameters check. An attacker can get ROOT privilege and send given parameter to driver to crash the system or execute arbitrary code. (Vulnerability ID: HWPSIRT-2016-05220) This vulnerability has been assigned Common Vulnerabilities and Exposures (CVE) ID: CVE-2016-8774. Huawei has released software updates to fix these vulnerabilities. This advisory is available at the following link: http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161123-02-smartphone-en