CVE-2015-8088

7.8HIGH

Key Information:

Vendor: Huawei
Status: P8 Firmware
Vendor: CVE Published:; 12 January 2016

Badges

👾 Exploit Exists🟡 Public PoC

Summary

Heap-based buffer overflow in the HIFI driver in Huawei Mate 7 phones with software MT7-UL00 before MT7-UL00C17B354, MT7-TL10 before MT7-TL10C00B354, MT7-TL00 before MT7-TL00C01B354, and MT7-CL00 before MT7-CL00C92B354 and P8 phones with software GRA-TL00 before GRA-TL00C01B220SP01, GRA-CL00 before GRA-CL00C92B220, GRA-CL10 before GRA-CL10C92B220, GRA-UL00 before GRA-UL00C00B220, and GRA-UL10 before GRA-UL10C00B220 allows attackers to cause a denial of service (reboot) or execute arbitrary code via a crafted application.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2015-8088
Created by Pray3r

References

http://www.securityfocus.com/bid/77560

vdb-entryx_refsource_BID

http://www.huawei.com/en/psirt/security-advisories/hw-460347

x_refsource_CONFIRM

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jan 12, 2016
🟡
Public PoC available
Dec 9, 2015
👾
Exploit known to exist
Dec 9, 2015
Vulnerability Reserved
Nov 6, 2015