This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy

Security Advisory - Heap Overflow Vulnerability in the HIFI Driver of Huawei Smart Phone

  • SA No:Huawei-SA-20151104-01-HIFI
  • Initial Release Date: Nov 04, 2015
  • Last Release Date: Oct 12, 2016

Some Huawei smart phones have a heap overflow security vulnerability in the HIFI driver. An attacker may trick a user into installing a malicious application and use the application to read and modify memory, which can reboot the system or cause permission escalation. (Vulnerability ID: HWPSIRT-2015-09028)

This vulnerability has been assigned Common Vulnerabilities and Exposures (CVE) ID: CVE-2015-8088.

Huawei has released software updates to fix this vulnerability. This advisory is available at the following link: http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-460347.htm

Product Name

Affected Version

Resolved Product and Version

Mate 7

Versions earlier than MT7-UL00C17B354

MT7-UL00C17B354

Versions earlier than MT7-TL10C00B354

MT7-TL10C00B354

Versions earlier than MT7-TL00C01B354

MT7-TL00C01B354

Versions earlier than MT7-CL00C92B354

MT7-CL00C92B354

P8

Versions earlier than GRA-TL00C01B220SP01

GRA-TL00C01B220SP01[1]

Versions earlier than GRA-CL00C92B220

GRA-CL00C92B220[1]

Versions earlier than GRA-CL10C92B220

GRA-CL10C92B220[1]

Versions earlier than GRA-UL00C00B220

GRA-UL00C00B220[1]

Versions earlier than GRA-UL10C00B220

GRA-UL10C00B220[1]

Mate S

CRR-TL00C01B153SP01 and earlier versions

CRR-TL00C01B160SP01[1]

CRR-UL00C00B153 and earlier versions

CRR-UL00C00B160[1]

CRR-CL00C92B153 and earlier versions

CRR-CL00C92B161[1]

Honor 6/ Honor 6 Plus/ Honor 7
Versions earlier than 6.9.16
6.9.16[2]

[1] Mobile phones will receive a system update prompt. The vulnerabilities will be fixed after users install the update.
[2] The product user who submits the upgrade application in huawei club website (https://www.wenjuan.com/s/YBNzIj/) will receive a system update prompt, install the update can fix the vulnerability.

An attacker may exploit this vulnerability to reboot the system or cause permission escalation.

The vulnerability classification has been performed by using the CVSSv2 scoring system (http://www.first.org/cvss/).

Base Score: 6.2 (AV:L/AC:H/Au:N/C:C/I:C/A:C)

Temporal Score: 5.1 (E:F/RL:O/RC:C)

1. Prerequisite:

The attacker successfully tricks a user into installing a malicious application on the smart phone.

2. Attacking procedure:

The attacker tricks a user into installing a malicious application on the phone. The malicious application can access specific HIFI driver interfaces of the phone by system calls. The HIFI driver does not properly validate the specific addresses input by the application. Therefore, the attacker can exploit this application to read and modify phone memory address, which can reboot the system or cause permission escalation.
  1. Mobile phones that support automatic update will receive a system update prompt. You can install the update to fix the vulnerabilities.
  2. Customers should obtain upgrades through Huawei consumer business official website (http://emui.huawei.com/cn/portal.php).
  3. Customers should contact Huawei TAC (Huawei Technical Assistance Center) to request the upgrades. For TAC contact information, please refer to Huawei worldwide website at http://www.huawei.com/en/security/psirt/report-vulnerabilities/index.htm.

This vulnerability was found by Zhang Ruizhi and Wen Guanxing from Venustech ADLAB and also reported by Wang Qize, Zhu Bin of VPP Security Team and Pan Yu of 360 Vulpecker Team. Huawei PSIRT is not aware of malicious use of the vulnerability described in this advisory.
Huawei express our appreciation for Zhang Ruizhi, Wen Guanxing, Wang Qize, Zhu Bin and Pan Yu's concerns on Huawei products.

For security problems about Huawei products and solutions, please contactPSIRT@huawei.com.

For general problems about Huawei products and solutions, please directly contact Huawei TAC (Huawei Technical Assistance Center) to request the configuration or technical assistance.


2016-10-12 V1.7 UPDATED updated information of "Exploitation and Vulnerability Source"
2016-09-26 V1.6 UPDATED updated information of "Software Versions and Fixes"
2016-02-02 V1.5 UPDATED updated information of "Software Versions and Fixes"
2015-12-09 V1.4 UPDATED updated information of "Software Versions and Fixes"
2015-11-19 V1.3 UPDATED updated information of "Obtaining Fixed Software"
2015-11-09 V1.2 UPDATED added CVE ID
2015-11-05 V1.1 UPDATED updated information of "Exploitation and Vulnerability Source"
2015-11-04 V1.0 INITIAL
This document is provided on an "AS IS" basis and does not imply any kind of guarantee or warranty, either express or implied, including the warranties of merchantability or fitness for a particular purpose. In no event shall Huawei or any of its directly or indirectly controlled subsidiaries or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages. Your use of the document, by whatsoever means, will be totally at your own risk. Huawei is entitled to amend or update this document from time to time.


Complete information for providing feedback on security vulnerability of Huawei products, getting support for Huawei security incident response services, and obtaining Huawei security vulnerability information, is available on Huawei's worldwide website at http://www.huawei.com/en/security/psirt/.