CVE-2015-8682 - OpenCVE

The Video0 driver in Huawei P8 smartphones with software GRA-UL00 before GRA-UL00C00B350, GRA-UL10 before GRA-UL10C00B350, GRA-TL00 before GRA-TL00C01B350, GRA-CL00 before GRA-CL00C92B350, and GRA-CL10 before GRA-CL10C92B350 and Mate S smartphones with software CRR-TL00 before CRR-TL00C01B160SP01, CRR-UL00 before CRR-UL00C00B160, and CRR-CL00 before CRR-CL00C92B161 allows attackers to obtain sensitive information from stack memory or cause a denial of service (system crash) via a crafted application, which triggers an invalid memory access.

No CVSS v4.0

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact Complete

AV:N/AC:M/Au:N/C:P/I:N/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Huawei	Mate S Mate S Firmware P8 P8 Firmware

Configuration 1 [-]

AND

cpe:2.3:h:huawei:mate_s:-:*:*:*:*:*:*:*

OR	cpe:2.3:a:huawei:mate_s_firmware::::::::
	cpe:2.3:a:huawei:mate_s_firmware::::::::
	cpe:2.3:a:huawei:mate_s_firmware::::::::

Configuration 2 [-]

AND

cpe:2.3:h:huawei:p8:-:*:*:*:*:*:*:*

OR	cpe:2.3:a:huawei:p8_firmware::::::::
	cpe:2.3:a:huawei:p8_firmware::::::::
	cpe:2.3:a:huawei:p8_firmware::::::::
	cpe:2.3:a:huawei:p8_firmware::::::::
	cpe:2.3:a:huawei:p8_firmware::::::::

No data.

References

Link	Providers
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160130-01-smartphone-en

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2016-04-13T14:00:00

Updated: 2024-08-06T08:29:21.341Z

Reserved: 2015-12-25T00:00:00

Link: CVE-2015-8682

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2016-04-13T14:59:04.923

Modified: 2016-04-20T14:28:39.853

Link: CVE-2015-8682

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-01-30T00:00:00", "descriptions": [{"lang": "en", "value": "The Video0 driver in Huawei P8 smartphones with software GRA-UL00 before GRA-UL00C00B350, GRA-UL10 before GRA-UL10C00B350, GRA-TL00 before GRA-TL00C01B350, GRA-CL00 before GRA-CL00C92B350, and GRA-CL10 before GRA-CL10C92B350 and Mate S smartphones with software CRR-TL00 before CRR-TL00C01B160SP01, CRR-UL00 before CRR-UL00C00B160, and CRR-CL00 before CRR-CL00C92B161 allows attackers to obtain sensitive information from stack memory or cause a denial of service (system crash) via a crafted application, which triggers an invalid memory access."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-04-13T13:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160130-01-smartphone-en"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-8682", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Video0 driver in Huawei P8 smartphones with software GRA-UL00 before GRA-UL00C00B350, GRA-UL10 before GRA-UL10C00B350, GRA-TL00 before GRA-TL00C01B350, GRA-CL00 before GRA-CL00C92B350, and GRA-CL10 before GRA-CL10C92B350 and Mate S smartphones with software CRR-TL00 before CRR-TL00C01B160SP01, CRR-UL00 before CRR-UL00C00B160, and CRR-CL00 before CRR-CL00C92B161 allows attackers to obtain sensitive information from stack memory or cause a denial of service (system crash) via a crafted application, which triggers an invalid memory access."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160130-01-smartphone-en", "refsource": "CONFIRM", "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160130-01-smartphone-en"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T08:29:21.341Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160130-01-smartphone-en"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-8682", "datePublished": "2016-04-13T14:00:00", "dateReserved": "2015-12-25T00:00:00", "dateUpdated": "2024-08-06T08:29:21.341Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:mate_s:-:*:*:*:*:*:*:*", "matchCriteriaId": "B240A6C3-B8D7-4755-A74C-BE37FDE7CBF1", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:huawei:mate_s_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "CCF745F4-24D1-4319-9C4E-4967F71EE130", "versionEndIncluding": "crr-cl00c92b153", "vulnerable": true}, {"criteria": "cpe:2.3:a:huawei:mate_s_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "24843F43-7879-4211-BAB1-F7911D8BDC4C", "versionEndIncluding": "crr-tl00c01b153sp01", "vulnerable": true}, {"criteria": "cpe:2.3:a:huawei:mate_s_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "29470554-85C1-4074-BEA8-46FB3C32AE07", "versionEndIncluding": "crr-ul00c00b153", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:p8:-:*:*:*:*:*:*:*", "matchCriteriaId": "F43A4D21-F16A-4277-A7AF-9ADBC3429F4C", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:huawei:p8_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "A53A2854-71CD-41CF-A56F-92F31DDD5BE3", "versionEndIncluding": "gra-cl00c92b230", "vulnerable": true}, {"criteria": "cpe:2.3:a:huawei:p8_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "8D64BE60-9809-4B23-8986-935A03EB1AB0", "versionEndIncluding": "gra-cl10c92b230", "vulnerable": true}, {"criteria": "cpe:2.3:a:huawei:p8_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "8283CD77-90B3-43CB-82AF-6BEB70618289", "versionEndIncluding": "gra-tl00c01b230", "vulnerable": true}, {"criteria": "cpe:2.3:a:huawei:p8_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D06BDBE6-5C3B-464F-9F76-D90FA1C3B10E", "versionEndIncluding": "gra-ul00c00b230", "vulnerable": true}, {"criteria": "cpe:2.3:a:huawei:p8_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "78CB750E-C642-4A4D-8724-6A15A72EE8C5", "versionEndIncluding": "gra-ul10c00b230", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Video0 driver in Huawei P8 smartphones with software GRA-UL00 before GRA-UL00C00B350, GRA-UL10 before GRA-UL10C00B350, GRA-TL00 before GRA-TL00C01B350, GRA-CL00 before GRA-CL00C92B350, and GRA-CL10 before GRA-CL10C92B350 and Mate S smartphones with software CRR-TL00 before CRR-TL00C01B160SP01, CRR-UL00 before CRR-UL00C00B160, and CRR-CL00 before CRR-CL00C92B161 allows attackers to obtain sensitive information from stack memory or cause a denial of service (system crash) via a crafted application, which triggers an invalid memory access."}, {"lang": "es", "value": "El controlador Video0 en smartphones Huawei P8 con software GRA-UL00 en versiones anteriores a GRA-UL00C00B350, GRA-UL10 en versiones anteriores a GRA-UL10C00B350, GRA-TL00 en versiones anteriores a GRA-TL00C01B350, GRA-CL00 en versiones anteriores a GRA-CL00C92B350 y GRA-CL10 en versiones anteriores a GRA-CL10C92B350 y smartphones Mate S con software CRR-TL00 en versiones anteriores a CRR-TL00C01B160SP01, CRR-UL00 en versiones anteriores a CRR-UL00C00B160 y CRR-CL00 en versiones anteriores a CRR-CL00C92B161 permite a atacantes obtener informaci\u00f3n sensible de la memoria de pila o provocar una denegaci\u00f3n de servicio (ca\u00edda de sistema) a trav\u00e9s de una aplicaci\u00f3n manipulada, lo que desencadena un acceso de memoria no v\u00e1lido."}], "id": "CVE-2015-8682", "lastModified": "2016-04-20T14:28:39.853", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 7.8, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 4.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-04-13T14:59:04.923", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160130-01-smartphone-en"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}