cvelistv5 - cve-2016-8768

CVE-2016-8768 (GCVE-0-2016-8768)

Vulnerability from cvelistv5 – Published: 2017-04-02 20:00 – Updated: 2024-08-06 02:35

Summary

Severity ?

No CVSS data available.

CWE

Privileged Execute-Never (PXN) defense mechanism failure

Assigner

huawei

References

URL

Tags

	http://www.huawei.com/en/psirt/security-advisorie…	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/93885	vdb-entryx_refsource_BID

Impacted products

	Vendor	Product	Version
	n/a	Honor 6,Honor 6 Plus,Honor 7 Versions earlier than 6.9.16	Affected: Honor 6,Honor 6 Plus,Honor 7 Versions earlier than 6.9.16

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T02:35:01.089Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161026-01-pxn-en"
          },
          {
            "name": "93885",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/93885"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Honor 6,Honor 6 Plus,Honor 7 Versions earlier than 6.9.16",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Honor 6,Honor 6 Plus,Honor 7 Versions earlier than 6.9.16"
            }
          ]
        }
      ],
      "datePublic": "2017-03-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Huawei Honor 6, Honor 6 Plus, Honor 7 phones with software versions earlier than 6.9.16 could allow attackers to disable the PXN defense mechanism by invoking related drive code to crash the system or escalate privilege."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Privileged Execute-Never (PXN) defense mechanism failure",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-04-03T09:57:01",
        "orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
        "shortName": "huawei"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161026-01-pxn-en"
        },
        {
          "name": "93885",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/93885"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@huawei.com",
          "ID": "CVE-2016-8768",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Honor 6,Honor 6 Plus,Honor 7 Versions earlier than 6.9.16",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Honor 6,Honor 6 Plus,Honor 7 Versions earlier than 6.9.16"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Huawei Honor 6, Honor 6 Plus, Honor 7 phones with software versions earlier than 6.9.16 could allow attackers to disable the PXN defense mechanism by invoking related drive code to crash the system or escalate privilege."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Privileged Execute-Never (PXN) defense mechanism failure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161026-01-pxn-en",
              "refsource": "CONFIRM",
              "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161026-01-pxn-en"
            },
            {
              "name": "93885",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/93885"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
    "assignerShortName": "huawei",
    "cveId": "CVE-2016-8768",
    "datePublished": "2017-04-02T20:00:00",
    "dateReserved": "2016-10-18T00:00:00",
    "dateUpdated": "2024-08-06T02:35:01.089Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:honor_6_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C116913A-693F-40E3-A60E-329F9EF21774\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:huawei:honor_6:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9FE24C63-66F2-4647-B32D-ADA1EAC7F23E\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:honor_6_plus_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F29AE585-268C-4AAB-A1B5-E7D6105DDE2A\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:huawei:honor_6_plus:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"114E7780-973B-4A31-B5C3-1FDF54925E18\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:honor_7_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"933D44DF-9698-4AEC-85CB-F29F82F1064C\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:huawei:honor_7:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"24270E44-CD62-44D4-86F9-5519AA00FA44\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Huawei Honor 6, Honor 6 Plus, Honor 7 phones with software versions earlier than 6.9.16 could allow attackers to disable the PXN defense mechanism by invoking related drive code to crash the system or escalate privilege.\"}, {\"lang\": \"es\", \"value\": \"Los tel\\u00e9fonos Huawei Honor 6, Honor 6 Plus, Honor 7 con versiones de software anteriores a 6.9.16 podr\\u00edan permitir a atacantes deshabilitar el mecanismo de defensa PXN invocando el c\\u00f3digo de unidad relacionada para bloquear el sistema o escalar privilegio.\"}]",
      "id": "CVE-2016-8768",
      "lastModified": "2024-11-21T03:00:01.270",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 9.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.6, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2017-04-02T20:59:01.360",
      "references": "[{\"url\": \"http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161026-01-pxn-en\", \"source\": \"psirt@huawei.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/93885\", \"source\": \"psirt@huawei.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161026-01-pxn-en\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/93885\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}]",
      "sourceIdentifier": "psirt@huawei.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-254\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2016-8768\",\"sourceIdentifier\":\"psirt@huawei.com\",\"published\":\"2017-04-02T20:59:01.360\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Huawei Honor 6, Honor 6 Plus, Honor 7 phones with software versions earlier than 6.9.16 could allow attackers to disable the PXN defense mechanism by invoking related drive code to crash the system or escalate privilege.\"},{\"lang\":\"es\",\"value\":\"Los tel\u00e9fonos Huawei Honor 6, Honor 6 Plus, Honor 7 con versiones de software anteriores a 6.9.16 podr\u00edan permitir a atacantes deshabilitar el mecanismo de defensa PXN invocando el c\u00f3digo de unidad relacionada para bloquear el sistema o escalar privilegio.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-254\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:honor_6_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C116913A-693F-40E3-A60E-329F9EF21774\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:huawei:honor_6:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9FE24C63-66F2-4647-B32D-ADA1EAC7F23E\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:honor_6_plus_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F29AE585-268C-4AAB-A1B5-E7D6105DDE2A\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:huawei:honor_6_plus:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"114E7780-973B-4A31-B5C3-1FDF54925E18\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:honor_7_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"933D44DF-9698-4AEC-85CB-F29F82F1064C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:huawei:honor_7:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"24270E44-CD62-44D4-86F9-5519AA00FA44\"}]}]}],\"references\":[{\"url\":\"http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161026-01-pxn-en\",\"source\":\"psirt@huawei.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/93885\",\"source\":\"psirt@huawei.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161026-01-pxn-en\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/93885\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]}]}}"
  }
}

FKIE_CVE-2016-8768

Vulnerability from fkie_nvd - Published: 2017-04-02 20:59 - Updated: 2025-04-20 01:37

Severity ?

7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
psirt@huawei.com	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161026-01-pxn-en	Vendor Advisory
psirt@huawei.com	http://www.securityfocus.com/bid/93885	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161026-01-pxn-en	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/93885	Third Party Advisory, VDB Entry

Impacted products

Vendor	Product	Version
huawei	honor_6_firmware	-
huawei	honor_6	-
huawei	honor_6_plus_firmware	-
huawei	honor_6_plus	-
huawei	honor_7_firmware	-
huawei	honor_7	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:huawei:honor_6_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C116913A-693F-40E3-A60E-329F9EF21774",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:huawei:honor_6:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FE24C63-66F2-4647-B32D-ADA1EAC7F23E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:huawei:honor_6_plus_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F29AE585-268C-4AAB-A1B5-E7D6105DDE2A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:huawei:honor_6_plus:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "114E7780-973B-4A31-B5C3-1FDF54925E18",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:huawei:honor_7_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "933D44DF-9698-4AEC-85CB-F29F82F1064C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:huawei:honor_7:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "24270E44-CD62-44D4-86F9-5519AA00FA44",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Huawei Honor 6, Honor 6 Plus, Honor 7 phones with software versions earlier than 6.9.16 could allow attackers to disable the PXN defense mechanism by invoking related drive code to crash the system or escalate privilege."
    },
    {
      "lang": "es",
      "value": "Los tel\u00e9fonos Huawei Honor 6, Honor 6 Plus, Honor 7 con versiones de software anteriores a 6.9.16 podr\u00edan permitir a atacantes deshabilitar el mecanismo de defensa PXN invocando el c\u00f3digo de unidad relacionada para bloquear el sistema o escalar privilegio."
    }
  ],
  "id": "CVE-2016-8768",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-04-02T20:59:01.360",
  "references": [
    {
      "source": "psirt@huawei.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161026-01-pxn-en"
    },
    {
      "source": "psirt@huawei.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/93885"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161026-01-pxn-en"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/93885"
    }
  ],
  "sourceIdentifier": "psirt@huawei.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-254"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-CQ9V-CCM4-PRW3

Vulnerability from github – Published: 2022-05-17 02:50 – Updated: 2022-05-17 02:50

Details

Severity ?

7.8 (High)


                  
                    CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2016-8768"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-04-02T20:59:00Z",
    "severity": "HIGH"
  },
  "details": "Huawei Honor 6, Honor 6 Plus, Honor 7 phones with software versions earlier than 6.9.16 could allow attackers to disable the PXN defense mechanism by invoking related drive code to crash the system or escalate privilege.",
  "id": "GHSA-cq9v-ccm4-prw3",
  "modified": "2022-05-17T02:50:59Z",
  "published": "2022-05-17T02:50:59Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8768"
    },
    {
      "type": "WEB",
      "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161026-01-pxn-en"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/93885"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2016-8768

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2016-8768

Aliases

CVE-2016-8768

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2016-8768",
    "description": "Huawei Honor 6, Honor 6 Plus, Honor 7 phones with software versions earlier than 6.9.16 could allow attackers to disable the PXN defense mechanism by invoking related drive code to crash the system or escalate privilege.",
    "id": "GSD-2016-8768"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2016-8768"
      ],
      "details": "Huawei Honor 6, Honor 6 Plus, Honor 7 phones with software versions earlier than 6.9.16 could allow attackers to disable the PXN defense mechanism by invoking related drive code to crash the system or escalate privilege.",
      "id": "GSD-2016-8768",
      "modified": "2023-12-13T01:21:22.375625Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@huawei.com",
        "ID": "CVE-2016-8768",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Honor 6,Honor 6 Plus,Honor 7 Versions earlier than 6.9.16",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Honor 6,Honor 6 Plus,Honor 7 Versions earlier than 6.9.16"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Huawei Honor 6, Honor 6 Plus, Honor 7 phones with software versions earlier than 6.9.16 could allow attackers to disable the PXN defense mechanism by invoking related drive code to crash the system or escalate privilege."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Privileged Execute-Never (PXN) defense mechanism failure"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161026-01-pxn-en",
            "refsource": "CONFIRM",
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161026-01-pxn-en"
          },
          {
            "name": "93885",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/93885"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:huawei:honor_6_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:huawei:honor_6:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:huawei:honor_6_plus_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:huawei:honor_6_plus:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:huawei:honor_7_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:huawei:honor_7:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@huawei.com",
          "ID": "CVE-2016-8768"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Huawei Honor 6, Honor 6 Plus, Honor 7 phones with software versions earlier than 6.9.16 could allow attackers to disable the PXN defense mechanism by invoking related drive code to crash the system or escalate privilege."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-254"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161026-01-pxn-en",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161026-01-pxn-en"
            },
            {
              "name": "93885",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/93885"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2017-04-11T01:06Z",
      "publishedDate": "2017-04-02T20:59Z"
    }
  }
}

VAR-201704-0500

Vulnerability from variot - Updated: 2023-12-18 14:01

Huawei Honor 6, Honor 6 Plus, Honor 7 phones with software versions earlier than 6.9.16 could allow attackers to disable the PXN defense mechanism by invoking related drive code to crash the system or escalate privilege. HuaweiHonor is a smartphone product of China Huawei. Huawei mobile phone has a PXN protection mechanism failure security vulnerability. Due to the security vulnerabilities of PXN (Privileged Execute-Never) protection mechanism in the driver code of Huawei mobile phones, the attacker can induce users to install malicious applications. The application can close the PXN protection mechanism by calling the relevant driver code, resulting in rejection. Service attack. Multiple Huawei Products are prone to a local privilege-escalation. An attacker can exploit this issue to gain elevated privileges or crash the system resulting in a denial-of-service condition. Note: This issue was previously titled 'Multiple Huawei Products CVE-2016-8768 Local Denial of Service Vulnerability'. The title and technical details have been changed to better reflect the underlying component affected

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201704-0500",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "honor 6 plus",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "honor 7",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "honor 6",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "honor 6 plus",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "huawei",
        "version": "6.9.16"
      },
      {
        "model": "honor 6",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "huawei",
        "version": "6.9.16"
      },
      {
        "model": "honor 7",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "huawei",
        "version": "6.9.16"
      },
      {
        "model": "glory",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "huawei",
        "version": "6\u003c6.9.16"
      },
      {
        "model": "glory plus",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "huawei",
        "version": "6\u003c6.9.16"
      },
      {
        "model": "glory",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "huawei",
        "version": "7\u003c6.9.16"
      },
      {
        "model": "honor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "76.9"
      },
      {
        "model": "honor plus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "66.9"
      },
      {
        "model": "honor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "66.9"
      },
      {
        "model": "honor",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "76.9.16"
      },
      {
        "model": "honor plus",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "66.9.16"
      },
      {
        "model": "honor",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "66.9.16"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-10430"
      },
      {
        "db": "BID",
        "id": "93885"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008264"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-8768"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-763"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:huawei:honor_6_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:huawei:honor_6:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:huawei:honor_6_plus_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:huawei:honor_6_plus:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:huawei:honor_7_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:huawei:honor_7:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-8768"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Zhao Jianqiang, Chen Gengjia, Wang Qize, Zhu Bin and Pan Yu.",
    "sources": [
      {
        "db": "BID",
        "id": "93885"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-763"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2016-8768",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 9.3,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2016-8768",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "HIGH",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 1.2,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 1.9,
            "id": "CNVD-2016-10430",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 0.6,
            "vectorString": "AV:L/AC:H/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "VHN-97588",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2016-8768",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2016-8768",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2016-10430",
            "trust": 0.6,
            "value": "LOW"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201610-763",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-97588",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-10430"
      },
      {
        "db": "VULHUB",
        "id": "VHN-97588"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008264"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-8768"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-763"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Huawei Honor 6, Honor 6 Plus, Honor 7 phones with software versions earlier than 6.9.16 could allow attackers to disable the PXN defense mechanism by invoking related drive code to crash the system or escalate privilege. HuaweiHonor is a smartphone product of China Huawei. Huawei mobile phone has a PXN protection mechanism failure security vulnerability. Due to the security vulnerabilities of PXN (Privileged Execute-Never) protection mechanism in the driver code of Huawei mobile phones, the attacker can induce users to install malicious applications. The application can close the PXN protection mechanism by calling the relevant driver code, resulting in rejection. Service attack. Multiple Huawei Products are prone to a local privilege-escalation. \nAn attacker can exploit this issue to gain elevated privileges or crash the system resulting in a denial-of-service condition. \nNote: This issue was previously titled \u0027Multiple Huawei Products  CVE-2016-8768 Local Denial of Service Vulnerability\u0027. The title and technical details have been changed to better reflect the underlying  component affected",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-8768"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008264"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-10430"
      },
      {
        "db": "BID",
        "id": "93885"
      },
      {
        "db": "VULHUB",
        "id": "VHN-97588"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-8768",
        "trust": 3.4
      },
      {
        "db": "BID",
        "id": "93885",
        "trust": 2.6
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008264",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-763",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-10430",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-97588",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-10430"
      },
      {
        "db": "VULHUB",
        "id": "VHN-97588"
      },
      {
        "db": "BID",
        "id": "93885"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008264"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-8768"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-763"
      }
    ]
  },
  "id": "VAR-201704-0500",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-10430"
      },
      {
        "db": "VULHUB",
        "id": "VHN-97588"
      }
    ],
    "trust": 1.4947201749999999
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-10430"
      }
    ]
  },
  "last_update_date": "2023-12-18T14:01:39.429000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "huawei-sa-20161026-01-pxn",
        "trust": 0.8,
        "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161026-01-pxn-en"
      },
      {
        "title": "Huawei mobile phone has a patch for PXN protection mechanism failure security vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/83312"
      },
      {
        "title": "Huawei Honor6 , Honor6P  and Honor7 Remediation measures for denial of service vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=65117"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-10430"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008264"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-763"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-254",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-97588"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008264"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-8768"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.3,
        "url": "http://www.securityfocus.com/bid/93885"
      },
      {
        "trust": 2.0,
        "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161026-01-pxn-en"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8768"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-8768"
      },
      {
        "trust": 0.6,
        "url": "http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20161026-01-pxn-cn"
      },
      {
        "trust": 0.3,
        "url": "http://www.huawei.com"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-10430"
      },
      {
        "db": "VULHUB",
        "id": "VHN-97588"
      },
      {
        "db": "BID",
        "id": "93885"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008264"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-8768"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-763"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-10430"
      },
      {
        "db": "VULHUB",
        "id": "VHN-97588"
      },
      {
        "db": "BID",
        "id": "93885"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008264"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-8768"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-763"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-11-01T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2016-10430"
      },
      {
        "date": "2017-04-02T00:00:00",
        "db": "VULHUB",
        "id": "VHN-97588"
      },
      {
        "date": "2016-10-26T00:00:00",
        "db": "BID",
        "id": "93885"
      },
      {
        "date": "2017-05-09T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-008264"
      },
      {
        "date": "2017-04-02T20:59:01.360000",
        "db": "NVD",
        "id": "CVE-2016-8768"
      },
      {
        "date": "2016-10-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201610-763"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-11-01T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2016-10430"
      },
      {
        "date": "2017-04-11T00:00:00",
        "db": "VULHUB",
        "id": "VHN-97588"
      },
      {
        "date": "2016-12-20T03:02:00",
        "db": "BID",
        "id": "93885"
      },
      {
        "date": "2017-05-09T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-008264"
      },
      {
        "date": "2017-04-11T01:06:41.360000",
        "db": "NVD",
        "id": "CVE-2016-8768"
      },
      {
        "date": "2016-10-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201610-763"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-763"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural  Huawei In smartphone software  PXN Vulnerability that disables the defense mechanism",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008264"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "lack of information",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-763"
      }
    ],
    "trust": 0.6
  }
}

CNVD-2016-10430

Vulnerability from cnvd - Published: 2016-11-01

Title

华为手机存在PXN防护机制失效安全漏洞

Description

Huawei Honor是中国华为公司的智能手机产品。华为手机存在PXN防护机制失效安全漏洞。由于多款华为手机的驱动代码中存在PXN（Privileged Execute-Never）防护机制失效的安全漏洞，攻击者可诱使用户安装恶意应用程序，应用程序可以通过调用相关驱动代码，关闭PXN防护机制，导致拒绝服务攻击。

Severity

低

Patch Name

华为手机存在PXN防护机制失效安全漏洞的补丁

Patch Description

Huawei Honor是中国华为公司的智能手机产品。华为手机存在PXN防护机制失效安全漏洞。由于多款华为手机的驱动代码中存在PXN（Privileged Execute-Never）防护机制失效的安全漏洞，攻击者可诱使用户安装恶意应用程序，应用程序可以通过调用相关驱动代码，关闭PXN防护机制。攻击者利用漏洞可导致拒绝服务攻击。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已提供漏洞修补方案，请关注如下链接及时更新： http://www.huawei.com/cn/psirt/report-vulnerabilities

Reference

http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20161026-01-pxn-cn http://www.securityfocus.com/bid/93885

Impacted products

Name
['Huawei 荣耀6 <6.9.16', 'Huawei 荣耀6 Plus <6.9.16', 'Huawei 荣耀7 <6.9.16']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "93885"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-8768"
    }
  },
  "description": "Huawei Honor\u662f\u4e2d\u56fd\u534e\u4e3a\u516c\u53f8\u7684\u667a\u80fd\u624b\u673a\u4ea7\u54c1\u3002\r\n\r\n\u534e\u4e3a\u624b\u673a\u5b58\u5728PXN\u9632\u62a4\u673a\u5236\u5931\u6548\u5b89\u5168\u6f0f\u6d1e\u3002\u7531\u4e8e\u591a\u6b3e\u534e\u4e3a\u624b\u673a\u7684\u9a71\u52a8\u4ee3\u7801\u4e2d\u5b58\u5728PXN\uff08Privileged Execute-Never\uff09\u9632\u62a4\u673a\u5236\u5931\u6548\u7684\u5b89\u5168\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u8bf1\u4f7f\u7528\u6237\u5b89\u88c5\u6076\u610f\u5e94\u7528\u7a0b\u5e8f\uff0c\u5e94\u7528\u7a0b\u5e8f\u53ef\u4ee5\u901a\u8fc7\u8c03\u7528\u76f8\u5173\u9a71\u52a8\u4ee3\u7801\uff0c\u5173\u95edPXN\u9632\u62a4\u673a\u5236\uff0c\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u653b\u51fb\u3002",
  "discovererName": "\u8d75\u5efa\u5f3a\u3001\u9648\u803f\u4f73\u3001\u738b\u542f\u6cfd\u3001\u6731\u658c\u548c\u6f58\u5b87",
  "formalWay": "\u5382\u5546\u5df2\u63d0\u4f9b\u6f0f\u6d1e\u4fee\u8865\u65b9\u6848\uff0c\u8bf7\u5173\u6ce8\u5982\u4e0b\u94fe\u63a5\u53ca\u65f6\u66f4\u65b0\uff1a\r\nhttp://www.huawei.com/cn/psirt/report-vulnerabilities",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-10430",
  "openTime": "2016-11-01",
  "patchDescription": "Huawei Honor\u662f\u4e2d\u56fd\u534e\u4e3a\u516c\u53f8\u7684\u667a\u80fd\u624b\u673a\u4ea7\u54c1\u3002\r\n\r\n\u534e\u4e3a\u624b\u673a\u5b58\u5728PXN\u9632\u62a4\u673a\u5236\u5931\u6548\u5b89\u5168\u6f0f\u6d1e\u3002\u7531\u4e8e\u591a\u6b3e\u534e\u4e3a\u624b\u673a\u7684\u9a71\u52a8\u4ee3\u7801\u4e2d\u5b58\u5728PXN\uff08Privileged Execute-Never\uff09\u9632\u62a4\u673a\u5236\u5931\u6548\u7684\u5b89\u5168\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u8bf1\u4f7f\u7528\u6237\u5b89\u88c5\u6076\u610f\u5e94\u7528\u7a0b\u5e8f\uff0c\u5e94\u7528\u7a0b\u5e8f\u53ef\u4ee5\u901a\u8fc7\u8c03\u7528\u76f8\u5173\u9a71\u52a8\u4ee3\u7801\uff0c\u5173\u95edPXN\u9632\u62a4\u673a\u5236\u3002\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u53ef\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u653b\u51fb\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u534e\u4e3a\u624b\u673a\u5b58\u5728PXN\u9632\u62a4\u673a\u5236\u5931\u6548\u5b89\u5168\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Huawei \u8363\u80006 \u003c6.9.16",
      "Huawei \u8363\u80006 Plus \u003c6.9.16",
      "Huawei \u8363\u80007 \u003c6.9.16"
    ]
  },
  "referenceLink": "http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20161026-01-pxn-cn\r\nhttp://www.securityfocus.com/bid/93885",
  "serverity": "\u4f4e",
  "submitTime": "2016-10-27",
  "title": "\u534e\u4e3a\u624b\u673a\u5b58\u5728PXN\u9632\u62a4\u673a\u5236\u5931\u6548\u5b89\u5168\u6f0f\u6d1e"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2016-8768 (GCVE-0-2016-8768)

FKIE_CVE-2016-8768

GHSA-CQ9V-CCM4-PRW3

GSD-2016-8768

VAR-201704-0500

CNVD-2016-10430

Tags

Sightings

Nomenclature