Security Advisory - Two DoS Vulnerabilities in the HIFI Driver of Huawei Smart Phone
- SA No:Huawei-SA-20151209-01-HIFI
- Initial Release Date: 2015-12-09
- Last Release Date: 2016-02-02
Some Huawei smart phones have two DoS (Denial of Service) security vulnerabilities in the HIFI driver. An attacker may trick a user into installing a malicious application and use the application to input null pointer as parameter, which can reboot the system. (Vulnerability ID: HWPSIRT-2015-10038 and HWPSIRT-2015-11008)
The HWPSIRT-2015-11008 vulnerability has been assigned Common Vulnerabilities and Exposures (CVE) ID: CVE-2015-8337.
Huawei has released software updates to fix these vulnerabilities. This advisory is available at the following link: http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-465304.htm
|
Product Name |
Affected Version |
Resolved Product and Version |
|
P8 |
Versions earlier than GRA-TL00C01B220SP01 |
GRA-TL00C01B220SP01[1] |
|
Versions earlier than GRA-CL00C92B220 |
GRA-CL00C92B220[1] |
|
|
Versions earlier than GRA-CL10C92B220 |
GRA-CL10C92B220[1] |
|
|
Versions earlier than GRA-UL00C00B220 |
GRA-UL00C00B220[1] |
|
|
Versions earlier than GRA-UL10C00B220 |
GRA-UL10C00B220[1] |
|
|
Mate7 |
Versions earlier than MT7-UL00C17B354 |
MT7-UL00C17B354 |
|
Versions earlier than MT7-TL10C00B354 |
MT7-TL10C00B354 |
|
|
Versions earlier than MT7-TL00C01B354 |
MT7-TL00C01B354 |
|
|
Versions earlier than MT7-CL00C92B354 |
MT7-CL00C92B354 |
|
|
Mate S |
CRR-TL00C01B153SP01 and earlier versions |
CRR-TL00C01B160SP01[1] |
|
CRR-UL00C00B153 and earlier versions |
CRR-UL00C00B160[1] |
|
|
CRR-CL00C92B153 and earlier versions |
CRR-CL00C92B161[1] |
[1] Mobile phones will receive a system update prompt. The vulnerabilities will be fixed after users install the update.
An attacker may exploit these two vulnerabilities to reboot the system.
These two vulnerabilities classification has been performed by using the CVSSv2 scoring system (http://www.first.org/cvss/).
Base Score: 4.0 (AV:L/AC:H/Au:N/C:N/I:N/A:C)
Temporal Score: 3.3 (E:F/RL:O/RC:C)1. Prerequisite:
The attacker successfully tricks a user into installing a malicious application on the smart phone.
2. Attacking procedure:
The attacker tricks a user into installing a malicious application on the phone. The malicious application can access specific HIFI driver interfaces of the phone by system calls. The HIFI driver does not properly validate the parameters input by the application and access the invalid address, which can make the system reboot.
- Mobile phones that support automatic update will receive a system update prompt. You can install the update to fix the vulnerabilities.
- Customers should obtain upgrades through Huawei consumer business official website (http://emui.huawei.com/cn/portal.php).
- Customers should contact Huawei TAC (Huawei Technical Assistance Center) to request the upgrades. For TAC contact information, please refer to Huawei worldwide website at http://www.huawei.com/en/security/psirt/report-vulnerabilities/index.htm.
These vulnerabilities were found by Guo Yonggang and Zhao Jianqiang from Lab 0x031E of Qihoo 360 Technology Co.Ltd. Huawei PSIRT is not aware of malicious use of these vulnerabilities described in this advisory.
Huawei express our appreciation for Lab 0x031E of Qihoo 360 Technology Co.Ltd’s concerns on Huawei products.
For security problems about Huawei products and solutions, please contactPSIRT@huawei.com.
For general problems about Huawei products and solutions, please directly contact Huawei TAC (Huawei Technical Assistance Center) to request the configuration or technical assistance.
2016-02-02 V1.1 UPDATED updated information of "Software Versions and Fixes"
2015-12-09 V1.0 INITIAL
None
