Sign-up

ID

VAR-201704-0492


CVE

CVE-2016-8757


TITLE

Huawei P9 Software ION Vulnerability in memory management module that can retrieve important information from uninitialized memory

Trust: 0.8

sources: JVNDB: JVNDB-2016-008263

DESCRIPTION

ION memory management module in Huawei P9 phones with software EVA-AL10C00B192 and earlier versions, EVA-DL10C00B192 and earlier versions, EVA-TL10C00B192 and earlier versions, EVA-CL10C00B192 and earlier versions allows attackers to obtain sensitive information from uninitialized memory. Huawei SmartPhones is the smartphone of China Huawei. Huawei SmartPhones has an information disclosure vulnerability. An attacker could exploit this vulnerability to obtain sensitive information. Huawei Smart Phone is prone to a local information-disclosure vulnerability. The Huawei Smart Phone P9 is a smartphone from the Chinese company Huawei

Trust: 2.52

sources: NVD: CVE-2016-8757 // JVNDB: JVNDB-2016-008263 // CNVD: CNVD-2016-10517 // BID: 93932 // VULHUB: VHN-97577

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2016-10517

AFFECTED PRODUCTS

vendor:huaweimodel:p9scope:lteversion:eva-al10c00b192

Trust: 1.8

vendor:huaweimodel:p9scope:lteversion:eva-cl10c00b192

Trust: 1.8

vendor:huaweimodel:p9scope:lteversion:eva-dl10c00b192

Trust: 1.8

vendor:huaweimodel:p9scope:lteversion:eva-tl10c00b192

Trust: 1.8

vendor:huaweimodel:p9scope:gteversion:eva-cl10

Trust: 1.0

vendor:huaweimodel:p9scope:gteversion:eva-al10

Trust: 1.0

vendor:huaweimodel:p9scope:gteversion:eva-dl10

Trust: 1.0

vendor:huaweimodel:p9scope:gteversion:eva-tl10

Trust: 1.0

vendor:huaweimodel:p9 <=eva-al10c00b192scope: - version: -

Trust: 0.6

vendor:huaweimodel:p9 <=eva-dl10c00b192scope: - version: -

Trust: 0.6

vendor:huaweimodel:p9 <=eva-tl10c00b192scope: - version: -

Trust: 0.6

vendor:huaweimodel:p9 <=eva-cl10c00b192scope: - version: -

Trust: 0.6

vendor:huaweimodel:p9scope:eqversion:eva-dl10c00b192

Trust: 0.6

vendor:huaweimodel:p9scope:eqversion:eva-al10c00b192

Trust: 0.6

vendor:huaweimodel:p9scope:eqversion:eva-tl10c00b192

Trust: 0.6

vendor:huaweimodel:p9scope:eqversion:eva-cl10c00b192

Trust: 0.6

vendor:huaweimodel:p9 eva-tl10c00b192scope: - version: -

Trust: 0.3

vendor:huaweimodel:p9 eva-dl10c00b192scope: - version: -

Trust: 0.3

vendor:huaweimodel:p9 eva-cl10c00b192scope: - version: -

Trust: 0.3

vendor:huaweimodel:p9 eva-al10c00b192scope: - version: -

Trust: 0.3

vendor:huaweimodel:p9 eva-tl10c00b193scope:neversion: -

Trust: 0.3

vendor:huaweimodel:p9 eva-dl10c00b193scope:neversion: -

Trust: 0.3

vendor:huaweimodel:p9 eva-cl10c00b193scope:neversion: -

Trust: 0.3

vendor:huaweimodel:p9 eva-al10c00b193scope:neversion: -

Trust: 0.3

sources: CNVD: CNVD-2016-10517 // BID: 93932 // JVNDB: JVNDB-2016-008263 // CNNVD: CNNVD-201610-816 // NVD: CVE-2016-8757

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-8757
value: LOW

Trust: 1.0

NVD: CVE-2016-8757
value: LOW

Trust: 0.8

CNVD: CNVD-2016-10517
value: LOW

Trust: 0.6

CNNVD: CNNVD-201610-816
value: LOW

Trust: 0.6

VULHUB: VHN-97577
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-8757
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2016-10517
severity: LOW
baseScore: 1.9
vectorString: AV:L/AC:M/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.4
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-97577
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-8757
baseSeverity: LOW
baseScore: 3.3
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 1.4
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2016-10517 // VULHUB: VHN-97577 // JVNDB: JVNDB-2016-008263 // CNNVD: CNNVD-201610-816 // NVD: CVE-2016-8757

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-97577 // JVNDB: JVNDB-2016-008263 // NVD: CVE-2016-8757

THREAT TYPE

local

Trust: 0.9

sources: BID: 93932 // CNNVD: CNNVD-201610-816

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201610-816

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-008263

PATCH
title:huawei-sa-20161026-02-smartphoneurl:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161026-02-smartphone-en
Trust: 0.8
title:Huawei SmartPhones Local Information Disclosure Vulnerability Patchurl:https://www.cnvd.org.cn/patchInfo/show/83401
Trust: 0.6
title:Huawei Smart Phone P9 Repair measures for information disclosure vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65148
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2016-10517 // 
            
            
            
            JVNDB: JVNDB-2016-008263 // 
            
            
            
            CNNVD: CNNVD-201610-816

EXTERNAL IDS
db:NVDid:CVE-2016-8757
Trust: 3.4
db:BIDid:93932
Trust: 2.6
db:JVNDBid:JVNDB-2016-008263
Trust: 0.8
db:CNNVDid:CNNVD-201610-816
Trust: 0.7
db:CNVDid:CNVD-2016-10517
Trust: 0.6
db:VULHUBid:VHN-97577
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2016-10517 // 
            
            
            
            VULHUB: VHN-97577 // 
            
            
            
            BID: 93932 // 
            
            
            
            JVNDB: JVNDB-2016-008263 // 
            
            
            
            CNNVD: CNNVD-201610-816 // 
            
            
            
            NVD: CVE-2016-8757

REFERENCES
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161026-02-smartphone-en
Trust: 2.6
url:http://www.securityfocus.com/bid/93932
Trust: 2.3
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8757
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2016-8757
Trust: 0.8
url:http://www.huawei.com
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2016-10517 // 
            
            
            
            VULHUB: VHN-97577 // 
            
            
            
            BID: 93932 // 
            
            
            
            JVNDB: JVNDB-2016-008263 // 
            
            
            
            CNNVD: CNNVD-201610-816 // 
            
            
            
            NVD: CVE-2016-8757

CREDITS
Dongdong She and Zhiyun Qian.,Hang Zhang
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201610-816

SOURCES
db:CNVDid:CNVD-2016-10517
db:VULHUBid:VHN-97577
db:BIDid:93932
db:JVNDBid:JVNDB-2016-008263
db:CNNVDid:CNNVD-201610-816
db:NVDid:CVE-2016-8757

LAST UPDATE DATE
2025-04-20T23:23:47.392000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2016-10517date:2016-11-02T00:00:00
db:VULHUBid:VHN-97577date:2019-05-30T00:00:00
db:BIDid:93932date:2016-11-24T11:03:00
db:JVNDBid:JVNDB-2016-008263date:2017-05-09T00:00:00
db:CNNVDid:CNNVD-201610-816date:2019-05-31T00:00:00
db:NVDid:CVE-2016-8757date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:CNVDid:CNVD-2016-10517date:2016-11-02T00:00:00
db:VULHUBid:VHN-97577date:2017-04-02T00:00:00
db:BIDid:93932date:2016-10-26T00:00:00
db:JVNDBid:JVNDB-2016-008263date:2017-05-09T00:00:00
db:CNNVDid:CNNVD-201610-816date:2016-10-28T00:00:00
db:NVDid:CVE-2016-8757date:2017-04-02T20:59:01.110