CVE-2015-8682

13.04.2016, 14:59

The Video0 driver in Huawei P8 smartphones with software GRA-UL00 before GRA-UL00C00B350, GRA-UL10 before GRA-UL10C00B350, GRA-TL00 before GRA-TL00C01B350, GRA-CL00 before GRA-CL00C92B350, and GRA-CL10 before GRA-CL10C92B350 and Mate S smartphones with software CRR-TL00 before CRR-TL00C01B160SP01, CRR-UL00 before CRR-UL00C00B160, and CRR-CL00 before CRR-CL00C92B161 allows attackers to obtain sensitive information from stack memory or cause a denial of service (system crash) via a crafted application, which triggers an invalid memory access.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	6.1 MEDIUM	LOCAL	LOW	NONE	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
mitre	CNA	---				---
CVE	ADP	---				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 35%

Common Weakness Enumeration

CWE-20 - Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160130-01-smartphone-en