Sign-up

ID

VAR-201704-0295


CVE

CVE-2015-8223


TITLE

Huawei P7 and P8 ALE-UL00 Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2015-007526

DESCRIPTION

Huawei P7 before P7-L00C17B851, P7-L05C00B851, and P7-L09C92B85, and P8 ALE-UL00 before ALE-UL00B211 allows local users to cause a denial of service (OS crash) by leveraging camera permissions and via crafted input to the camera driver. HuaweiP7 and P8 Youth Edition are both Huawei's smartphone devices. An attacker could use the vulnerability to enter an illegal parameter into the camera driver by tricking the user into installing a malicious application and obtaining the system or camera privileges of the device, causing the system to crash. The following products and versions are affected: Huawei P7 earlier than P7-L00C17B851, earlier than P7-L05C00B851, earlier than P7-L09C92B851; P8 Youth Edition earlier than ALE-UL00B211

Trust: 2.25

sources: NVD: CVE-2015-8223 // JVNDB: JVNDB-2015-007526 // CNVD: CNVD-2017-08780 // VULHUB: VHN-86184

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-08780

AFFECTED PRODUCTS

vendor:huaweimodel:p8 ale-ul00scope:eqversion: -

Trust: 1.6

vendor:huaweimodel:p7scope:eqversion:*

Trust: 1.0

vendor:huaweimodel:p7scope:ltversion:p7-l00c17b851

Trust: 0.8

vendor:huaweimodel:p7scope:ltversion:p7-l05c00b851

Trust: 0.8

vendor:huaweimodel:p7scope:ltversion:p7-l09c92b851

Trust: 0.8

vendor:huaweimodel:p8 ale-ul00scope:ltversion:ale-ul00b211

Trust: 0.8

vendor:huaweimodel:p7 <p7-l00c17b851scope: - version: -

Trust: 0.6

vendor:huaweimodel:p7 <p7-l05c00b851scope: - version: -

Trust: 0.6

vendor:huaweimodel:p7 <p7-l09c92b851scope: - version: -

Trust: 0.6

vendor:huaweimodel:p8 ale-ul00 <ale-ul00b211scope: - version: -

Trust: 0.6

vendor:huaweimodel:p7scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2017-08780 // JVNDB: JVNDB-2015-007526 // CNNVD: CNNVD-201704-764 // NVD: CVE-2015-8223

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-8223
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-8223
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2017-08780
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201704-764
value: MEDIUM

Trust: 0.6

VULHUB: VHN-86184
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-8223
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-08780
severity: MEDIUM
baseScore: 4.0
vectorString: AV:L/AC:H/AU:N/C:N/I:N/A:C
accessVector: LOCAL
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 1.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-86184
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2015-8223
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-08780 // VULHUB: VHN-86184 // JVNDB: JVNDB-2015-007526 // CNNVD: CNNVD-201704-764 // NVD: CVE-2015-8223

PROBLEMTYPE DATA

problemtype:CWE-275

Trust: 1.9

sources: VULHUB: VHN-86184 // JVNDB: JVNDB-2015-007526 // NVD: CVE-2015-8223

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201704-764

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201704-764

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-007526

PATCH
title:Huawei-SA-20151106-01-Cameraurl:http://www.huawei.com/en/psirt/security-advisories/hw-460489
Trust: 0.8
title:HuaweiP7 and P8 Youth Edition Denial of Service Vulnerability Patchurl:https://www.cnvd.org.cn/patchInfo/show/95000
Trust: 0.6
title:Huawei P7  and P8 Youth version security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=70695
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-08780 // 
            
            
            
            JVNDB: JVNDB-2015-007526 // 
            
            
            
            CNNVD: CNNVD-201704-764

EXTERNAL IDS
db:NVDid:CVE-2015-8223
Trust: 3.1
db:JVNDBid:JVNDB-2015-007526
Trust: 0.8
db:CNNVDid:CNNVD-201704-764
Trust: 0.7
db:CNVDid:CNVD-2017-08780
Trust: 0.6
db:VULHUBid:VHN-86184
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-08780 // 
            
            
            
            VULHUB: VHN-86184 // 
            
            
            
            JVNDB: JVNDB-2015-007526 // 
            
            
            
            CNNVD: CNNVD-201704-764 // 
            
            
            
            NVD: CVE-2015-8223

REFERENCES
url:http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-460489.htm
Trust: 2.3
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-8223
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2015-8223
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2017-08780 // 
            
            
            
            VULHUB: VHN-86184 // 
            
            
            
            JVNDB: JVNDB-2015-007526 // 
            
            
            
            CNNVD: CNNVD-201704-764 // 
            
            
            
            NVD: CVE-2015-8223

SOURCES
db:CNVDid:CNVD-2017-08780
db:VULHUBid:VHN-86184
db:JVNDBid:JVNDB-2015-007526
db:CNNVDid:CNNVD-201704-764
db:NVDid:CVE-2015-8223

LAST UPDATE DATE
2025-04-20T23:32:14.524000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-08780date:2017-06-08T00:00:00
db:VULHUBid:VHN-86184date:2017-04-25T00:00:00
db:JVNDBid:JVNDB-2015-007526date:2017-05-18T00:00:00
db:CNNVDid:CNNVD-201704-764date:2017-06-07T00:00:00
db:NVDid:CVE-2015-8223date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-08780date:2017-06-08T00:00:00
db:VULHUBid:VHN-86184date:2017-04-13T00:00:00
db:JVNDBid:JVNDB-2015-007526date:2017-05-18T00:00:00
db:CNNVDid:CNNVD-201704-764date:2017-04-13T00:00:00
db:NVDid:CVE-2015-8223date:2017-04-13T14:59:00.933