CVE-2019-5225 — Classic Buffer Overflow in Huawei Mate 20 Firmware

CWE-120 — Classic Buffer Overflow3 documents3 sources

Severity

7.8HIGHNVD

EPSS

0.4%

top 39.58%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Huawei Mate 20 Firmware Huawei P30 Firmware Huawei P30 PRO Firmware

Timeline

PublishedNov 29

Latest updateMay 24

Description

P30, Mate 20, P30 Pro smartphones with software of versions earlier than ELLE-AL00B 9.1.0.193(C00E190R1P21), versions earlier than Hima-AL00B 9.1.0.135(C00E200R2P1), versions earlier than VOGUE-AL00A 9.1.0.193(C00E190R1P12) have a buffer overflow vulnerability on several , the system does not properly validate certain length parameter which an application transports to kernel. An attacker tricks the user to install a malicious application, successful exploit could cause malicious code execution.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

▶NVDhuawei/mate_20_firmware< hima-al00b_9.1.0.135\(c00e200r2p1\)

▶NVDhuawei/p30_firmware< elle-al00b_9.1.0.193\(c00e190r1p21\)

▶NVDhuawei/p30_pro_firmware< vogue-al00a_9.1.0.193\(c00e190r1p12\)

🔴Vulnerability Details

GHSA

GHSA-xxxq-m57r-j966: P30, Mate 20, P30 Pro smartphones with software of versions earlier than ELLE-AL00B 9↗2022-05-24

▶

CVEList

CVE-2019-5225: P30, Mate 20, P30 Pro smartphones with software of versions earlier than ELLE-AL00B 9↗2019-11-29

▶