Vulnerabilities > CVE-2020-9262 - Use After Free vulnerability in Huawei Mate 30 Firmware

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

huawei

CWE-416

NVD

Published: 2020-07-06

Updated: 2020-07-09

Summary

HUAWEI Mate 30 with versions earlier than 10.1.0.150(C00E136R5P3) have a use after free vulnerability. There is a condition exists that the system would reference memory after it has been freed, the attacker should trick the user into running a crafted application with high privilege, successful exploit could cause code execution.

Vulnerable Configurations

Part	Description	Count
OS	Huawei Huawei Mate 30 Firmware - Huawei Mate 30 Firmware 10.0.0.182\(C00E180R6P2\) Huawei Mate 30 Firmware 10.0.0.203\(C00E201R7P2\) Huawei Mate 30 Firmware 10.0.0.203\(C00E202R7P2\) Huawei Mate 30 Firmware 10.0.0.205\(C00E201R7P2\) Huawei Mate 30 Firmware 10.1.0.126\(C00E125R5P3\)	6
Hardware	Huawei Huawei Mate 30 -	1

Common Weakness Enumeration (CWE)

CWE-416 - Use After Free

References

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200701-06-smartphone-en