10.1.0.126(C00E125R5P3)

CVSS 6.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

huawei

CWE-416

NVD

Published: 2020-07-06

Updated: 2020-07-09

Summary

HUAWEI Mate 30 with versions earlier than 10.1.0.150(C00E136R5P3) have a use after free vulnerability. There is a condition exists that the system would reference memory after it has been freed, the attacker should trick the user into running a crafted application with high privilege, successful exploit could cause code execution.

Vulnerable Configurations

Part	Description	Count
OS	Huawei Huawei Mate 30 Firmware - Huawei Mate 30 Firmware 10.0.0.205\(C00E201R7P2\) Huawei Mate 30 Firmware 10.1.0.126\(C00E125R5P3\)	3
Hardware	Huawei Huawei Mate 30 -	1

Common Weakness Enumeration (CWE)

CWE-416 - Use After Free

References

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200701-06-smartphone-en