Sign-up

ID

VAR-201704-0395


CVE

CVE-2015-7740


TITLE

Huawei P7 and P8 ALE-UL00 Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2015-007525

DESCRIPTION

Huawei P7 before P7-L00C17B851, P7-L05C00B851, and P7-L09C92B851 and P8 ALE-UL00 before ALE-UL00B211 allows local users to cause a denial of service (OS crash) via vectors involving an application that passes crafted input to the GPU driver. HuaweiP7 and P8 Youth Edition are both Huawei's smartphone devices. GPUdriver is one of the graphics drivers. A refusal service vulnerability exists in the GPU drivers in HuaweiP7 and P8 Youth. An attacker could exploit the vulnerability to trick the phone system into crashes by tricking the user into installing a malicious application and entering an illegal parameter into the product's graphics processing unit (GPU) driver. The following products and versions are affected: Huawei P7-L00C17B851 earlier, P7-L05C00B851 earlier, P7-L09C92B851 earlier; P8 Youth Edition ALE-UL00B211 earlier

Trust: 2.25

sources: NVD: CVE-2015-7740 // JVNDB: JVNDB-2015-007525 // CNVD: CNVD-2017-08779 // VULHUB: VHN-85701

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-08779

AFFECTED PRODUCTS

vendor:huaweimodel:p7scope:eqversion:*

Trust: 1.0

vendor:huaweimodel:p8 ale-ul00scope:eqversion:*

Trust: 1.0

vendor:huaweimodel:p7scope:ltversion:p7-l00c17b851

Trust: 0.8

vendor:huaweimodel:p7scope:ltversion:p7-l05c00b851

Trust: 0.8

vendor:huaweimodel:p7scope:ltversion:p7-l09c92b851

Trust: 0.8

vendor:huaweimodel:p8 ale-ul00scope:ltversion:ale-ul00b211

Trust: 0.8

vendor:huaweimodel:p7 <p7-l00c17b851scope: - version: -

Trust: 0.6

vendor:huaweimodel:p7 <p7-l05c00b851scope: - version: -

Trust: 0.6

vendor:huaweimodel:p7 <p7-l09c92b851scope: - version: -

Trust: 0.6

vendor:huaweimodel:p8 ale-ul00 <ale-ul00b211scope: - version: -

Trust: 0.6

vendor:huaweimodel:p7scope: - version: -

Trust: 0.6

vendor:huaweimodel:p8 ale-ul00scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2017-08779 // JVNDB: JVNDB-2015-007525 // CNNVD: CNNVD-201704-765 // NVD: CVE-2015-7740

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-7740
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-7740
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2017-08779
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201704-765
value: MEDIUM

Trust: 0.6

VULHUB: VHN-85701
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-7740
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-08779
severity: MEDIUM
baseScore: 4.0
vectorString: AV:L/AC:H/AU:N/C:N/I:N/A:C
accessVector: LOCAL
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 1.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-85701
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2015-7740
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-08779 // VULHUB: VHN-85701 // JVNDB: JVNDB-2015-007525 // CNNVD: CNNVD-201704-765 // NVD: CVE-2015-7740

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-85701 // JVNDB: JVNDB-2015-007525 // NVD: CVE-2015-7740

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201704-765

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201704-765

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-007525

PATCH
title:Huawei-SA-20151106-01-GPUurl:http://www.huawei.com/en/psirt/security-advisories/hw-460486
Trust: 0.8
title:HuaweiP7 and P8 Youth Edition GPU Driver Denial of Service Vulnerability Patchurl:https://www.cnvd.org.cn/patchInfo/show/94998
Trust: 0.6
title:Huawei P7  and P8 Youth version GPU Driver input verification vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=70696
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-08779 // 
            
            
            
            JVNDB: JVNDB-2015-007525 // 
            
            
            
            CNNVD: CNNVD-201704-765

EXTERNAL IDS
db:NVDid:CVE-2015-7740
Trust: 3.1
db:JVNDBid:JVNDB-2015-007525
Trust: 0.8
db:CNNVDid:CNNVD-201704-765
Trust: 0.7
db:CNVDid:CNVD-2017-08779
Trust: 0.6
db:VULHUBid:VHN-85701
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-08779 // 
            
            
            
            VULHUB: VHN-85701 // 
            
            
            
            JVNDB: JVNDB-2015-007525 // 
            
            
            
            CNNVD: CNNVD-201704-765 // 
            
            
            
            NVD: CVE-2015-7740

REFERENCES
url:http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-460486.htm
Trust: 2.3
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7740
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2015-7740
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2017-08779 // 
            
            
            
            VULHUB: VHN-85701 // 
            
            
            
            JVNDB: JVNDB-2015-007525 // 
            
            
            
            CNNVD: CNNVD-201704-765 // 
            
            
            
            NVD: CVE-2015-7740

SOURCES
db:CNVDid:CNVD-2017-08779
db:VULHUBid:VHN-85701
db:JVNDBid:JVNDB-2015-007525
db:CNNVDid:CNNVD-201704-765
db:NVDid:CVE-2015-7740

LAST UPDATE DATE
2025-04-20T23:26:07.652000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-08779date:2017-06-09T00:00:00
db:VULHUBid:VHN-85701date:2017-04-25T00:00:00
db:JVNDBid:JVNDB-2015-007525date:2017-05-18T00:00:00
db:CNNVDid:CNNVD-201704-765date:2017-06-07T00:00:00
db:NVDid:CVE-2015-7740date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-08779date:2017-06-08T00:00:00
db:VULHUBid:VHN-85701date:2017-04-13T00:00:00
db:JVNDBid:JVNDB-2015-007525date:2017-05-18T00:00:00
db:CNNVDid:CNNVD-201704-765date:2017-04-13T00:00:00
db:NVDid:CVE-2015-7740date:2017-04-13T14:59:00.870