Vulnerabilities > CVE-2021-22304 - Use After Free vulnerability in Huawei Taurus-Al00A Firmware 10.0.0.1(C00E1R1P1)

CVSS 3.3 - LOW

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

LOW

local

low complexity

huawei

CWE-416

NVD

Published: 2021-02-06

Updated: 2021-02-10

Summary

There is a use after free vulnerability in Taurus-AL00A 10.0.0.1(C00E1R1P1). A module may refer to some memory after it has been freed while dealing with some messages. Attackers can exploit this vulnerability by sending specific message to the affected module. This may lead to module crash, compromising normal service.

Vulnerable Configurations

Part	Description	Count
OS	Huawei Huawei Taurus Al00A Firmware 10.0.0.1\(C00E1R1P1\)	1
Hardware	Huawei Huawei Taurus Al00A -	1

Common Weakness Enumeration (CWE)

CWE-416 - Use After Free

References

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210127-03-smartphone-en