VAR-201704-0395
Vulnerability from variot - Updated: 2025-04-20 23:26Huawei P7 before P7-L00C17B851, P7-L05C00B851, and P7-L09C92B851 and P8 ALE-UL00 before ALE-UL00B211 allows local users to cause a denial of service (OS crash) via vectors involving an application that passes crafted input to the GPU driver. HuaweiP7 and P8 Youth Edition are both Huawei's smartphone devices. GPUdriver is one of the graphics drivers. A refusal service vulnerability exists in the GPU drivers in HuaweiP7 and P8 Youth. An attacker could exploit the vulnerability to trick the phone system into crashes by tricking the user into installing a malicious application and entering an illegal parameter into the product's graphics processing unit (GPU) driver. The following products and versions are affected: Huawei P7-L00C17B851 earlier, P7-L05C00B851 earlier, P7-L09C92B851 earlier; P8 Youth Edition ALE-UL00B211 earlier
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201704-0395",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "p7",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "*"
},
{
"model": "p8 ale-ul00",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "*"
},
{
"model": "p7",
"scope": "lt",
"trust": 0.8,
"vendor": "huawei",
"version": "p7-l00c17b851"
},
{
"model": "p7",
"scope": "lt",
"trust": 0.8,
"vendor": "huawei",
"version": "p7-l05c00b851"
},
{
"model": "p7",
"scope": "lt",
"trust": 0.8,
"vendor": "huawei",
"version": "p7-l09c92b851"
},
{
"model": "p8 ale-ul00",
"scope": "lt",
"trust": 0.8,
"vendor": "huawei",
"version": "ale-ul00b211"
},
{
"model": "p7 \u003cp7-l00c17b851",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "p7 \u003cp7-l05c00b851",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "p7 \u003cp7-l09c92b851",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "p8 ale-ul00 \u003cale-ul00b211",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "p7",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "p8 ale-ul00",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-08779"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007525"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-765"
},
{
"db": "NVD",
"id": "CVE-2015-7740"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:huawei:p7_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:huawei:p8_ale-ul00_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-007525"
}
]
},
"cve": "CVE-2015-7740",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 4.9,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2015-7740",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.9,
"id": "CNVD-2017-08779",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:H/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 4.9,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "VHN-85701",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.8,
"id": "CVE-2015-7740",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-7740",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2015-7740",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2017-08779",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201704-765",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-85701",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-08779"
},
{
"db": "VULHUB",
"id": "VHN-85701"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007525"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-765"
},
{
"db": "NVD",
"id": "CVE-2015-7740"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Huawei P7 before P7-L00C17B851, P7-L05C00B851, and P7-L09C92B851 and P8 ALE-UL00 before ALE-UL00B211 allows local users to cause a denial of service (OS crash) via vectors involving an application that passes crafted input to the GPU driver. HuaweiP7 and P8 Youth Edition are both Huawei\u0027s smartphone devices. GPUdriver is one of the graphics drivers. A refusal service vulnerability exists in the GPU drivers in HuaweiP7 and P8 Youth. An attacker could exploit the vulnerability to trick the phone system into crashes by tricking the user into installing a malicious application and entering an illegal parameter into the product\u0027s graphics processing unit (GPU) driver. The following products and versions are affected: Huawei P7-L00C17B851 earlier, P7-L05C00B851 earlier, P7-L09C92B851 earlier; P8 Youth Edition ALE-UL00B211 earlier",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-7740"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007525"
},
{
"db": "CNVD",
"id": "CNVD-2017-08779"
},
{
"db": "VULHUB",
"id": "VHN-85701"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-7740",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007525",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201704-765",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-08779",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-85701",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-08779"
},
{
"db": "VULHUB",
"id": "VHN-85701"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007525"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-765"
},
{
"db": "NVD",
"id": "CVE-2015-7740"
}
]
},
"id": "VAR-201704-0395",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-08779"
},
{
"db": "VULHUB",
"id": "VHN-85701"
}
],
"trust": 1.325
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-08779"
}
]
},
"last_update_date": "2025-04-20T23:26:07.652000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Huawei-SA-20151106-01-GPU",
"trust": 0.8,
"url": "http://www.huawei.com/en/psirt/security-advisories/hw-460486"
},
{
"title": "HuaweiP7 and P8 Youth Edition GPU Driver Denial of Service Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/94998"
},
{
"title": "Huawei P7 and P8 Youth version GPU Driver input verification vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=70696"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-08779"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007525"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-765"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-85701"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007525"
},
{
"db": "NVD",
"id": "CVE-2015-7740"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-460486.htm"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7740"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-7740"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-08779"
},
{
"db": "VULHUB",
"id": "VHN-85701"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007525"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-765"
},
{
"db": "NVD",
"id": "CVE-2015-7740"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-08779"
},
{
"db": "VULHUB",
"id": "VHN-85701"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007525"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-765"
},
{
"db": "NVD",
"id": "CVE-2015-7740"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-06-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-08779"
},
{
"date": "2017-04-13T00:00:00",
"db": "VULHUB",
"id": "VHN-85701"
},
{
"date": "2017-05-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-007525"
},
{
"date": "2017-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-765"
},
{
"date": "2017-04-13T14:59:00.870000",
"db": "NVD",
"id": "CVE-2015-7740"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-06-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-08779"
},
{
"date": "2017-04-25T00:00:00",
"db": "VULHUB",
"id": "VHN-85701"
},
{
"date": "2017-05-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-007525"
},
{
"date": "2017-06-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-765"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2015-7740"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-765"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Huawei P7 and P8 ALE-UL00 Service disruption in (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-007525"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-765"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…