CVE-2016-8764

CWE-20 — Improper Input Validation3 documents3 sources

Severity

6.4MEDIUM

EPSS

0.0%

top 90.69%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Huawei P8 Lite Firmware Huawei P9 Lite Firmware

Timeline

PublishedApr 2

Latest updateMay 17

Description

The TrustZone driver in Huawei P9 phones with software Versions earlier than EVA-AL10C00B352 and P9 Lite with software VNS-L21C185B130 and earlier versions and P8 Lite with software ALE-L02C636B150 and earlier versions has an input validation vulnerability, which allows attackers to read and write user-mode memory data anywhere in the TrustZone driver.

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.5 | Impact: 5.9

Affected Packages2 packages

▶NVDhuawei/p8_lite_firmwareale-l02c636b150

▶NVDhuawei/p9_lite_firmwarevns-l21c185b130

🔴Vulnerability Details

GHSA

GHSA-q44f-95xp-jm2w: The TrustZone driver in Huawei P9 phones with software Versions earlier than EVA-AL10C00B352 and P9 Lite with software VNS-L21C185B130 and earlier ver↗2022-05-17

▶

CVEList

CVE-2016-8764: The TrustZone driver in Huawei P9 phones with software Versions earlier than EVA-AL10C00B352 and P9 Lite with software VNS-L21C185B130 and earlier ver↗2017-04-02

▶