CVE-2020-9065Use After Free in Huawei Taurus-al00b Firmware

CWE-416Use After Free3 documents3 sources
Severity
5.5MEDIUMNVD
EPSS
0.1%
top 82.94%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Huawei Taurus-al00b Firmware
Timeline
PublishedMar 26
Latest updateMay 24

Description

Huawei smart phone Taurus-AL00B with versions earlier than 10.0.0.203(C00E201R7P2) have a use-after-free (UAF) vulnerability. An authenticated, local attacker may perform specific operations to exploit this vulnerability. Successful exploitation may tamper with the information to affect the availability.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

NVDhuawei/taurus-al00b_firmware< 10.0.0.203\(c00e201r7p2\)
CVEListV5huawei/taurus-al00b_firmwareVersions earlier than 10.0.0.203(C00E201R7P2)

🔴Vulnerability Details

2
GHSA
GHSA-qh3h-hjmm-mvg3: Huawei smart phone Taurus-AL00B with versions earlier than 102022-05-24
CVEList
CVE-2020-9065: Huawei smart phone Taurus-AL00B with versions earlier than 102020-03-26
CVE-2020-9065 — Use After Free in Huawei | cvebase