Security Advisory - Multiple Security Vulnerabilities in Driver of Huawei Smart Phones
- SA No:Huawei-SA-20160104-04-SmartPhone
- Initial Release Date: Jan 04, 2016
- Last Release Date: Feb 03, 2016
There are multiple security vulnerabilities in driver of some Huawei smart phones.
There are two interface access control vulnerabilities in Graphics driver. An attacker may trick a user into installing a malicious application and application can exploit the vulnerability to crash the system or escalate user privilege. (Vulnerability ID: HWPSIRT-2015-11010 and HWPSIRT-2015-11091)
The vulnerability HWPSIRT-2015-11010 has been assigned Common Vulnerabilities and Exposures (CVE) ID: CVE-2015-8307, the vulnerability HWPSIRT-2015-11091 has been assigned CVE ID: CVE-2015-8680.
There are two heap overflow vulnerabilities in HIFI driver. An attacker may trick a user into installing a malicious application and the application can send given parameter to HIFI driver to crash the system or escalate user privilege. (Vulnerability ID: HWPSIRT-2015-11028 and HWPSIRT-2015-11029)
The vulnerability HWPSIRT-2015-11028 has been assigned CVE ID: CVE-2015-8318, the vulnerability HWPSIRT-2015-11029 has been assigned CVE ID: CVE-2015-8319.
There is a interface access control vulnerability in ovisp driver. An attacker may trick a user into installing a malicious application and application can exploit the vulnerability to crash the system or escalate user privilege. (Vulnerability ID: HWPSIRT-2015-12003)
This vulnerability has been assigned CVE ID: CVE-2015-8681.
Huawei has released software updates to fix those vulnerabilities. This advisory is available at the following link:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160104-04-smartphone-en
|
Product Name |
Affected Version |
Resolved Product and Version |
|
P8[1] |
GRA-TL00C01B220 and earlier versions |
GRA-TL00C01B230 |
|
GRA-CL00C92B220 and earlier versions |
GRA-CL00C92B230 |
|
|
GRA-CL10C92B220 and earlier versions |
GRA-CL10C92B230 |
|
|
GRA-UL00C00B220 and earlier versions |
GRA-UL00C00B230 |
|
|
GRA-UL10C00B220 and earlier versions |
GRA-UL10C00B230 |
|
|
Mate S |
CRR-TL00C01B153SP01 and earlier versions |
CRR-TL00C01B160SP01 |
|
CRR-UL00C00B153 and earlier versions |
CRR-UL00C00B160 |
|
|
CRR-CL00C92B153 and earlier versions |
CRR-CL00C92B161 |
HWPSIRT-2015-11010 & HWPSIRT-2015-11028 & HWPSIRT-2015-11029 & HWPSIRT-2015-11091 & HWPSIRT-2015-12003:
The malicious application installed in smart phone can exploit this vulnerability to crash the system or escalate user privilege.
The vulnerability classification has been performed by using the CVSSv2 scoring system (http://www.first.org/cvss/).
HWPSIRT-2015-11010 & HWPSIRT-2015-11028 & HWPSIRT-2015-11029 & HWPSIRT-2015-11091 & HWPSIRT-2015-12003:
Base Score: 6.2 (AV:L/AC:H/Au:N/C:C/I:C/A:C)
Temporal Score: 5.1 (E:F/RL:O/RC:C)HWPSIRT-2015-11010 & HWPSIRT-2015-11091:
1. Prerequisite:
The attacker successfully tricks a user into installing a malicious application on the smart phone.
2. Attacking procedure:
There are two interface access control vulnerabilities in Graphics driver. An attacker may trick a user into installing a malicious application; the application can get graphics privilege and exploit these vulnerabilities to modify the content of some registers, which could cause the system to crash or user privilege to escalate.
HWPSIRT-2015-11028 & HWPSIRT-2015-11029:
1. Prerequisite:
The attacker successfully tricks a user into installing a malicious application on the smart phone.
2. Attacking procedure:
The attacker tricks a user into installing a malicious application on the phone. The malicious application can access specific HIFI driver interfaces of the phone by system calls. The HIFI driver does not properly validate the parameters input by the application. Therefore, the application may exploit this vulnerability to make a heap overflow and read and modify phone memory address, which can crash the system or escalate user privilege.
HWPSIRT-2015-12003:
1. Prerequisite:
The attacker successfully tricks a user into installing a malicious application on the smart phone.
2. Attacking procedure:
There is a interface access control vulnerability in ovisp driver. An attacker may trick a user into installing a malicious application. The application can get camera privilege and exploit this vulnerability to modify content of some registers, which could cause the system to crash or user privilege to escalate.
2. Customers should contact Huawei TAC (Huawei Technical Assistance Center) to request the upgrades. For TAC contact information, please refer to Huawei worldwide website at http://www.huawei.com/en/psirt/report-vulnerabilities.
These vulnerabilities were firstly reported to Huawei PSIRT by Chengming Yang of Alibaba Mobile Security Team. The vulnerability HWPSIRT-2015-11010 was also reported by Chiachih Wu and Xuxian Jiang from C0RE Team of Qihoo 360. The vulnerability HWPSIRT-2015-11028 was also reported by Yanfeng Wang, Yuan-Tsung Lo and Xuxian Jiang from C0RE Team of Qihoo 360. The vulnerability HWPSIRT-2015-12003 was also reported by Jianqiang Zhao, Yanfeng Wang and Xuxian Jiang from C0RE Team of Qihoo 360. Huawei would like to thank Chengming Yang, Chiachih Wu, Xuxian Jiang, Yanfeng Wang, Yuan-Tsung Lo and Jianqiang Zhao for working with us and coordinated vulnerability disclosure to protect our customers.
2016-02-03 V1.2 UPDATED Update information of "Software Versions and Fixes"
2016-01-05 V1.1 UPDATED Update vulnerabilities source information
2016-01-04 V1.0 INITIAL
None
