Privilege Escalation Issue in Huawei Smartphones
CVE-2016-8793

6.7MEDIUM

Key Information:

Vendor
Huawei
Status
Mate 8,mate S,p8 Versions Before Nxt-al10c00b386,versions Before Nxt-cl00c92b386,versions Before Nxt-dl00c17b386,versions Before Nxt-tl00c01b386,versions Before Crr-cl00c92b368,versions Before Crr-cl20c92b368,versions Before Crr-tl00c01b368,versions Before Crr-ul00c00b368,versions Before Crr-ul20c00b368,versions Before Gra-tl00c01b366,versions Before Gra-cl00c92b366,versions Before Gra-cl10c92b366,versions Before Gra-ul00c00b366,versions Before Gra-ul10c00b366
Vendor
CVE Published:
2 April 2017

Summary

A vulnerability exists in specific Huawei smartphone models that permits attackers with graphic or camera permissions to crash the system, leading to potential privilege escalation. This affects various software versions across the Mate 8, Mate S, and P8 models, and could enable unauthorized users to gain higher system privileges, affecting device security.

Affected Version(s)

Mate 8,Mate S,P8 before NXT-AL10C00B386, before NXT-CL00C92B386, before NXT-DL00C17B386, before NXT-TL00C01B386, before CRR-CL00C92B368, before CRR-CL20C92B368, before CRR-TL00C01B368, before CRR-UL00C00B368, before CRR-UL20C00B368, before GRA-TL00C01B366, before GRA-CL00C92B366, before GRA-CL10C92B366, before GRA-UL00C00B366, before GRA-UL10C00B366 Mate 8,Mate S,P8 Versions before NXT-AL10C00B386,Versions before NXT-CL00C92B386,Versions before NXT-DL00C17B386,Versions before NXT-TL00C01B386,Versions before CRR-CL00C92B368,Versions before CRR-CL20C92B368,Versions before CRR-TL00C01B368,Versions before CRR-UL00C00B368,Versions before CRR-UL20C00B368,Versions before GRA-TL00C01B366,Versions before GRA-CL00C92B366,Versions before GRA-CL10C92B366,Versions before GRA-UL00C00B366,Versions before GRA-UL10C00B366

References

http://www.huawei.com/en/psirt/security-advisories/huawei...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/94404
vdb-entryx_refsource_BID

CVSS V3.1

Score:
6.7
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.