CVE-2015-8088

moderate-risk

Published 2016-01-12

Heap-based buffer overflow in the HIFI driver in Huawei Mate 7 phones with software MT7-UL00 before MT7-UL00C17B354, MT7-TL10 before MT7-TL10C00B354, MT7-TL00 before MT7-TL00C01B354, and MT7-CL00 before MT7-CL00C92B354 and P8 phones with software GRA-TL00 before GRA-TL00C01B220SP01, GRA-CL00 before GRA-CL00C92B220, GRA-CL10 before GRA-CL10C92B220, GRA-UL00 before GRA-UL00C00B220, and GRA-UL10 before GRA-UL10C00B220 allows attackers to cause a denial of service (reboot) or execute arbitrary code via a crafted application.

Do I need to act?

0.80% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

1 public exploit available

44306

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.8/10 High

LOCAL / LOW complexity

Affected Products (9)

P8 Firmware

Mate 7 Firmware

P8 Firmware

Mate 7 Firmware

Affected Vendors

Huawei

References (4)

Vendor Advisory http://www.huawei.com/en/psirt/security-advisories/hw-460347

http://www.securityfocus.com/bid/77560

Vendor Advisory http://www.huawei.com/en/psirt/security-advisories/hw-460347

http://www.securityfocus.com/bid/77560

/ 100

moderate-risk

Severity 24/34 · High

Exploitability 3/34 · Minimal

Exposure 15/34 · Moderate