CVE-2016-8764

MEDIUM

Huawei P9 <EVA-AL10C00B352 - Memory Corruption

Title source: llm

Description

The TrustZone driver in Huawei P9 phones with software Versions earlier than EVA-AL10C00B352 and P9 Lite with software VNS-L21C185B130 and earlier versions and P8 Lite with software ALE-L02C636B150 and earlier versions has an input validation vulnerability, which allows attackers to read and write user-mode memory data anywhere in the TrustZone driver.

References (2)

[Vendor Advisory] http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161123-01-smartphone-en

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/94509

Scores

CVSS v3 6.4

EPSS 0.0003

EPSS Percentile 9.0%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-20

Status published

Affected Products (4)

huawei/p9_firmware

huawei/p9_lite_firmware < vns-l21c185b130

huawei/p8_lite_firmware < ale-l02c636b150

n/a/P9,P9 Lite,P8 Lite Versions earlier than EVA-AL10C00B352,VNS-L21C185B130 and earlier versions,ALE-L02C636B150 and earlier versions < P9,P9 Lite,P8 Lite Versions earlier than EVA-AL10C00B352,VNS-L21C185B130 and earlier versions,ALE-L0

Timeline

Published Apr 02, 2017

Tracked Since Feb 18, 2026