CVE-2015-8337

moderate-risk
Published 2016-01-12

The HIFI driver in Huawei P8 phones with software GRA-TL00 before GRA-TL00C01B220SP01, GRA-CL00 before GRA-CL00C92B220, GRA-CL10 before GRA-CL10C92B220, GRA-UL00 before GRA-UL00C00B220, GRA-UL10 before GRA-UL10C00B220 and Mate7 phones with software MT7-UL00 before MT7-UL00C17B354, MT7-TL10 before MT7-TL10C00B354, MT7-TL00 before MT7-TL00C01B354, and MT7-CL00 before MT7-CL00C92B354 allows remote attackers to cause a denial of service (invalid memory access and reboot) via unspecified vectors related to "input null pointer as parameter."

Do I need to act?

-
0.12% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.5/10 Medium
LOCAL / LOW complexity

Affected Products (9)

Mate 7 Firmware
Mate 7 Firmware
Mate 7 Firmware
Mate 7 Firmware

Affected Vendors

Huawei

References (4)

Vendor Advisory http://www.huawei.com/en/psirt/security-advisories/hw-465304
http://www.securityfocus.com/bid/80357
Vendor Advisory http://www.huawei.com/en/psirt/security-advisories/hw-465304
http://www.securityfocus.com/bid/80357
34
/ 100
moderate-risk
Severity 18/34 · Moderate
Exploitability 1/34 · Minimal
Exposure 15/34 · Moderate