CVE-2016-8762

CWE-20 — Improper Input Validation3 documents3 sources

Severity

5.0MEDIUM

EPSS

0.0%

top 92.38%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Huawei P8 Lite Firmware Huawei P9 Lite Firmware

Timeline

PublishedApr 2

Latest updateMay 17

Description

The TrustZone driver in Huawei P9 phones with software Versions earlier than EVA-AL10C00B352 and P9 Lite with software VNS-L21C185B130 and earlier versions and P8 Lite with software ALE-L02C636B150 and earlier versions has an input validation vulnerability, which allows attackers to cause the system to restart.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:HExploitability: 1.3 | Impact: 3.6

Affected Packages2 packages

▶NVDhuawei/p8_lite_firmwareale-l02c636b150

▶NVDhuawei/p9_lite_firmwarevns-l21c185b130

🔴Vulnerability Details

GHSA

GHSA-7gpm-629q-g6v7: The TrustZone driver in Huawei P9 phones with software Versions earlier than EVA-AL10C00B352 and P9 Lite with software VNS-L21C185B130 and earlier ver↗2022-05-17

▶

CVEList

CVE-2016-8762: The TrustZone driver in Huawei P9 phones with software Versions earlier than EVA-AL10C00B352 and P9 Lite with software VNS-L21C185B130 and earlier ver↗2017-04-02

▶