Pointer Double Free Vulnerability in Huawei Smartphones
CVE-2021-22303

3.3LOW

Key Information:

Vendor: Huawei
Status: Taurus-al00a
Vendor: CVE Published:; 6 February 2021

What is CVE-2021-22303?

A pointer double free vulnerability exists in the Taurus-AL00A smartphone, specifically in version 10.0.0.1 (C00E1R1P1). This flaw arises from inadequate multi-thread protection during function execution, enabling attackers to exploit this weakness. By executing crafted malicious operations, an attacker may trigger a pointer double free condition, potentially leading to a module crash and affecting the normal functioning of the device.

Affected Version(s)

Taurus-AL00A 10.0.0.1(C00E1R1P1)

References

https://www.huawei.com/en/psirt/security-advisories/huawe...

x_refsource_CONFIRM

CVSS V3.1

Score:

3.3

Severity:

LOW

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 6, 2021
Vulnerability Reserved
Jan 5, 2021