CVE-2019-5216

7HIGH

Key Information:

Vendor: Huawei
Status: Honor V10, Honor 10, Honor Play
Vendor: CVE Published:; 6 June 2019

Summary

There is a race condition vulnerability on Huawei Honor V10 smartphones versions earlier than Berkeley-AL20 9.0.0.156(C00E156R2P14T8), Honor 10 smartphones versions earlier than Columbia-AL10B 9.0.0.156(C00E156R1P20T8) and Honor Play smartphones versions earlier than Cornell-AL00A 9.0.0.156(C00E156R1P13T8). An attacker tricks the user into installing a malicious application, which makes multiple processes to operate the same variate at the same time. Successful exploit could cause execution of malicious code.

Affected Version(s)

Honor V10, Honor 10, Honor Play Versions earlier than Berkeley-AL20 9.0.0.156(C00E156R2P14T8)

Honor V10, Honor 10, Honor Play Versions earlier than Columbia-AL10B 9.0.0.156(C00E156R1P20T8)

Honor V10, Honor 10, Honor Play Versions earlier than Cornell-AL00A 9.0.0.156(C00E156R1P13T8)

References

http://www.huawei.com/en/psirt/security-advisories/huawei...

x_refsource_CONFIRM

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jun 6, 2019
Vulnerability Reserved
Jan 4, 2019