Security Advisory - Heap Overflow Vulnerability in the HIFI Driver of Huawei Smart Phone
- SA No:Huawei-SA-20151104-01-HIFI
- Initial Release Date: Nov 04, 2015
- Last Release Date: Oct 12, 2016
Some Huawei smart phones have a heap overflow security vulnerability in the HIFI driver. An attacker may trick a user into installing a malicious application and use the application to read and modify memory, which can reboot the system or cause permission escalation. (Vulnerability ID: HWPSIRT-2015-09028)
This vulnerability has been assigned Common Vulnerabilities and Exposures (CVE) ID: CVE-2015-8088.
Huawei has released software updates to fix this vulnerability. This advisory is available at the following link: http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-460347.htm|
Product Name |
Affected Version |
Resolved Product and Version |
|
Mate 7 |
Versions earlier than MT7-UL00C17B354 |
MT7-UL00C17B354 |
|
Versions earlier than MT7-TL10C00B354 |
MT7-TL10C00B354 |
|
|
Versions earlier than MT7-TL00C01B354 |
MT7-TL00C01B354 |
|
|
Versions earlier than MT7-CL00C92B354 |
MT7-CL00C92B354 |
|
|
P8 |
Versions earlier than GRA-TL00C01B220SP01 |
GRA-TL00C01B220SP01[1] |
|
Versions earlier than GRA-CL00C92B220 |
GRA-CL00C92B220[1] |
|
|
Versions earlier than GRA-CL10C92B220 |
GRA-CL10C92B220[1] |
|
|
Versions earlier than GRA-UL00C00B220 |
GRA-UL00C00B220[1] |
|
|
Versions earlier than GRA-UL10C00B220 |
GRA-UL10C00B220[1] |
|
|
Mate S |
CRR-TL00C01B153SP01 and earlier versions |
CRR-TL00C01B160SP01[1] |
|
CRR-UL00C00B153 and earlier versions |
CRR-UL00C00B160[1] |
|
|
CRR-CL00C92B153 and earlier versions |
CRR-CL00C92B161[1] |
|
| Honor 6/ Honor 6 Plus/ Honor 7 |
Versions earlier than 6.9.16 |
6.9.16[2] |
[1] Mobile phones will receive a system update prompt. The vulnerabilities will be fixed after users install the update.
[2] The product user who submits the upgrade application in huawei club website (https://www.wenjuan.com/s/YBNzIj/) will receive a system update prompt, install the update can fix the vulnerability.
The vulnerability classification has been performed by using the CVSSv2 scoring system (http://www.first.org/cvss/).
Base Score: 6.2 (AV:L/AC:H/Au:N/C:C/I:C/A:C)
Temporal Score: 5.1 (E:F/RL:O/RC:C)1. Prerequisite:
The attacker successfully tricks a user into installing a malicious application on the smart phone.
2. Attacking procedure:
The attacker tricks a user into installing a malicious application on the phone. The malicious application can access specific HIFI driver interfaces of the phone by system calls. The HIFI driver does not properly validate the specific addresses input by the application. Therefore, the attacker can exploit this application to read and modify phone memory address, which can reboot the system or cause permission escalation.
- Mobile phones that support automatic update will receive a system update prompt. You can install the update to fix the vulnerabilities.
- Customers should obtain upgrades through Huawei consumer business official website (http://emui.huawei.com/cn/portal.php).
- Customers should contact Huawei TAC (Huawei Technical Assistance Center) to request the upgrades. For TAC contact information, please refer to Huawei worldwide website at http://www.huawei.com/en/security/psirt/report-vulnerabilities/index.htm.
This vulnerability was found by Zhang Ruizhi and Wen Guanxing from Venustech ADLAB and also reported by Wang Qize, Zhu Bin of VPP Security Team and Pan Yu of 360 Vulpecker Team. Huawei PSIRT is not aware of malicious use of the vulnerability described in this advisory.
Huawei express our appreciation for Zhang Ruizhi, Wen Guanxing, Wang Qize, Zhu Bin and Pan Yu's concerns on Huawei products.
For security problems about Huawei products and solutions, please contactPSIRT@huawei.com.
For general problems about Huawei products and solutions, please directly contact Huawei TAC (Huawei Technical Assistance Center) to request the configuration or technical assistance.
2016-09-26 V1.6 UPDATED updated information of "Software Versions and Fixes"
2016-02-02 V1.5 UPDATED updated information of "Software Versions and Fixes"
2015-12-09 V1.4 UPDATED updated information of "Software Versions and Fixes"
2015-11-19 V1.3 UPDATED updated information of "Obtaining Fixed Software"
2015-11-09 V1.2 UPDATED added CVE ID
2015-11-05 V1.1 UPDATED updated information of "Exploitation and Vulnerability Source"
2015-11-04 V1.0 INITIAL
None
