CVE-2020-9237Use After Free in Huawei Taurus-al00b Firmware

CWE-416Use After Free3 documents3 sources
Severity
6.7MEDIUMNVD
EPSS
0.0%
top 91.67%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Huawei Taurus-al00b Firmware
Timeline
PublishedAug 17
Latest updateMay 24

Description

Huawei smartphone Taurus-AL00B with versions earlier than 10.1.0.126(C00E125R5P3) have a user after free vulnerability. A module is lack of lock protection. Attackers can exploit this vulnerability by launching specific request. This could compromise normal service of the affected device.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages2 packages

NVDhuawei/taurus-al00b_firmware< 10.1.0.126\(c00e125r5p3\)
CVEListV5huawei/taurus-al00b_firmwareVersions earlier than 10.1.0.126(C00E125R5P3)

🔴Vulnerability Details

2
GHSA
GHSA-w7q6-2xg4-7447: Huawei smartphone Taurus-AL00B with versions earlier than 102022-05-24
CVEList
CVE-2020-9237: Huawei smartphone Taurus-AL00B with versions earlier than 102020-08-17
CVE-2020-9237 — Use After Free in Huawei | cvebase