Out-of-Bounds Read and Write Vulnerability in HUAWEI P30 Pro by HUAWEI
CVE-2020-9107

5.5MEDIUM

Key Information:

Vendor: Huawei
Status: Huawei P30 Pro
Vendor: CVE Published:; 12 October 2020

Summary

The HUAWEI P30 Pro is subject to an out-of-bounds read and write vulnerability that can be exploited by unauthenticated attackers. By crafting a specially malformed message with specific parameters and sending it to vulnerable devices, an attacker can leverage insufficient validation, potentially causing the affected process to reboot. This exposes users to risks, making it crucial to update to versions 10.1.0.160(C00E160R2P8) or later to mitigate these threats.

Affected Version(s)

HUAWEI P30 Pro Versions earlier than 10.1.0.160(C00E160R2P8)

References

https://www.huawei.com/en/psirt/security-advisories/huawe...

x_refsource_MISC

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Oct 12, 2020
Vulnerability Reserved
Feb 18, 2020