Heap-based Buffer Overflow in Huawei Mate 7 and P8 Devices
CVE-2015-8088

7.8HIGH

Key Information:

Vendor: Huawei
Status: P8 Firmware
Vendor: CVE Published:; 12 January 2016

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2015-8088?

A heap-based buffer overflow vulnerability exists in the HIFI driver integrated into select Huawei Mate 7 and P8 smartphones. This flaw permits attackers to exploit crafted applications to either induce a system reboot or execute arbitrary code, posing significant security risks to users. Certain versions of the Mate 7 and P8 software are particularly susceptible, necessitating prompt updates to secure devices against potential exploitation.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2015-8088
Created by Pray3r

References

http://www.securityfocus.com/bid/77560

vdb-entryx_refsource_BID

http://www.huawei.com/en/psirt/security-advisories/hw-460347

x_refsource_CONFIRM

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 12, 2016
🟡
Public PoC available
Dec 9, 2015
👾
Exploit known to exist
Dec 9, 2015
Vulnerability Reserved
Nov 6, 2015