Race Condition Vulnerability in Huawei Smartphones P30, P30 Pro, and Honor V20
CVE-2019-5228

7.8HIGH

Key Information:

Vendor
Huawei
Vendor
CVE Published:
12 November 2019

Summary

A race condition vulnerability exists in certain detection modules of Huawei's P30, P30 Pro, and Honor V20 smartphones. The flaw arises because the system fails to properly lock certain functions when they are accessed simultaneously by multiple processes, leading to potential out of bounds write scenarios. If exploited, this vulnerability allows an attacker to trick users into installing malicious applications, which could lead to unauthorized code execution on the affected devices. It is crucial for users to update their devices to the latest firmware version to mitigate this risk.

Affected Version(s)

P30, P30 Pro, Honor V20 Versions earlier than ELLE-AL00B 9.1.0.193(C00E190R1P21), Versions earlier than VOGUE-AL00A 9.1.0.193(C00E190R1P12), Versions earlier than Princeton-AL10B 9.1.0.233(C00E233R4P3)

References

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.