User After Free Vulnerability in Huawei Smartphone Taurus-AL00B
CVE-2020-9237

6.7MEDIUM

Key Information:

Vendor: Huawei
Status: Taurus-al00b
Vendor: CVE Published:; 17 August 2020

Summary

The Huawei Taurus-AL00B smartphone is susceptible to a user after free vulnerability due to inadequate lock protection within a module. Attackers can exploit this issue through specifically crafted requests, potentially disrupting the normal operation of the device. This vulnerability affects versions of the Taurus-AL00B that are earlier than 10.1.0.126(C00E125R5P3), highlighting the need for users to update their devices to ensure optimal security and functionality.

Affected Version(s)

Taurus-AL00B Versions earlier than 10.1.0.126(C00E125R5P3)

References

https://www.huawei.com/en/psirt/security-advisories/huawe...

x_refsource_MISC

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 17, 2020
Vulnerability Reserved
Feb 18, 2020