Use-After-Free Vulnerability in Huawei Smartphones
CVE-2020-9065

5.5MEDIUM

Key Information:

Vendor: Huawei
Status: Taurus-al00b
Vendor: CVE Published:; 26 March 2020

What is CVE-2020-9065?

The Taurus-AL00B smartphone from Huawei, specifically versions prior to 10.0.0.203(C00E201R7P2), is susceptible to a use-after-free vulnerability. This flaw allows an authenticated, local attacker to carry out specific actions that may compromise the device's information integrity and overall availability. Exploiting this vulnerability could lead to unauthorized access or manipulation of sensitive data, emphasizing the importance of timely software updates for device security.

Affected Version(s)

Taurus-AL00B Versions earlier than 10.0.0.203(C00E201R7P2)

References

https://www.huawei.com/en/psirt/security-advisories/huawe...

x_refsource_MISC

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 26, 2020
Vulnerability Reserved
Feb 18, 2020