CVE-2020-9123 — Out-of-bounds Write in Huawei P30 PRO Firmware

CWE-787 — Out-of-bounds Write4 documents4 sources

Severity

7.8HIGHNVD

EPSS

0.4%

top 39.24%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Huawei P30 PRO Firmware Huawei P30 PRO

Timeline

PublishedOct 12

Latest updateMay 24

Description

HUAWEI P30 Pro versions earlier than 10.1.0.160(C00E160R2P8) and versions earlier than 10.1.0.160(C01E160R2P8) have a buffer overflow vulnerability. An attacker induces users to install malicious applications and sends specially constructed packets to affected devices after obtaining the root permission. Successful exploit may cause code execution.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶NVDhuawei/p30_pro_firmware< 10.1.0.160\(c00e160r2p8\)+1

▶CVEListV5huawei/huawei_p30_proVersions earlier than 10.1.0.160(C00E160R2P8),Versions earlier than 10.1.0.160(C01E160R2P8)

🔴Vulnerability Details

GHSA

GHSA-855f-rqvc-24wm: HUAWEI P30 Pro versions earlier than 10↗2022-05-24

▶

CVEList

CVE-2020-9123: HUAWEI P30 Pro versions earlier than 10↗2020-10-12

▶

💬Community

Bugzilla

CVE-2019-19906 cyrus-sasl: denial of service in _sasl_add_string function↗2020-01-16

▶