Use After Free Vulnerability in Taurus-AL00A Smartphone by Huawei
CVE-2021-22304
3.3LOW
Summary
A use after free vulnerability exists in the Taurus-AL00A smartphone, whereby a module may continue to reference memory after it has been freed. This issue arises during the handling of specific messages, allowing attackers to exploit the vulnerability by sending crafted messages. If successfully exploited, this could lead to a crash of the affected module, compromising the normal operation of the device and potentially leading to a denial of service.
Affected Version(s)
Taurus-AL00A 10.0.0.1(C00E1R1P1)
References
CVSS V3.1
Score:
3.3
Severity:
LOW
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved