Huawei Barca-Al00 Firmware vulnerabilities

CVE-2019-2215 [HIGH] CWE-416 CVE-2019-2215: A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kerne A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interaction is required to exploit this vulnerability, however exploitation does require either the installation of a malicious local application or a separate vulnerability in a network facing application.Product: AndroidAndroid ID: A-14172009

CVE-2019-9506 [HIGH] CWE-310 CVE-2019-9506: The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encrypti The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka "KNOB") that can decrypt traffic and inject arbitrary ciphertext without the victim noticing.