Race Condition Vulnerability in Huawei Smartphones P30, P30 Pro, and Honor V20
CVE-2019-5228

7.8HIGH

Key Information:

Vendor: Huawei
Status: P30, P30 Pro, Honor V20
Vendor: CVE Published:; 12 November 2019

Summary

A race condition vulnerability exists in certain detection modules of Huawei's P30, P30 Pro, and Honor V20 smartphones. The flaw arises because the system fails to properly lock certain functions when they are accessed simultaneously by multiple processes, leading to potential out of bounds write scenarios. If exploited, this vulnerability allows an attacker to trick users into installing malicious applications, which could lead to unauthorized code execution on the affected devices. It is crucial for users to update their devices to the latest firmware version to mitigate this risk.

Affected Version(s)

P30, P30 Pro, Honor V20 Versions earlier than ELLE-AL00B 9.1.0.193(C00E190R1P21), Versions earlier than VOGUE-AL00A 9.1.0.193(C00E190R1P12), Versions earlier than Princeton-AL10B 9.1.0.233(C00E233R4P3)

References

http://www.huawei.com/en/psirt/security-advisories/huawei...

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Nov 12, 2019
Vulnerability Reserved
Jan 4, 2019