Remote code execution in Several Huawei Smartphones



Published: 2020-05-14
Risk High
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2020-0022
CWE-ID CWE-787
Exploitation vector Network
Public exploit Public exploit code for vulnerability #1 is available.
Vulnerable software
Subscribe
Huawei P30 Pro
Client/Desktop applications / Multimedia software

Huawei P30
Client/Desktop applications / Multimedia software

Huawei nova 3e
Client/Desktop applications / Multimedia software

Huawei Mate 20 Pro
Client/Desktop applications / Multimedia software

Huawei P20 Pro
Client/Desktop applications / Multimedia software

Huawei P20
Client/Desktop applications / Multimedia software

Huawei Mate 20 X
Client/Desktop applications / Multimedia software

Huawei Mate 20
Client/Desktop applications / Multimedia software

Vendor Huawei

Security Bulletin

This security bulletin contains one high risk vulnerability.

1) Out-of-bounds write

EUVDB-ID: #VU25357

Risk: High

CVSSv3.1:

CVE-ID: CVE-2020-0022

CWE-ID: CWE-787 - Out-of-bounds Write

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists within the System functionality of Android due to a boundary error when processing untrusted input in "reassemble_and_dispatch" of "packet_fragmenter.cc". A remote attacker can trigger out-of-bounds write and execute arbitrary code over Bluetooth on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Huawei P30 Pro: before 10.0.0.195

Huawei P30: before 10.0.0.195

Huawei nova 3e: before 9.1.0.338

Huawei Mate 20 Pro: before 10.0.0.198

Huawei P20 Pro: before 10.0.0.162

Huawei P20: before 10.0.0.162

Huawei Mate 20 X : before 10.0.0.195

Huawei Mate 20: before 10.0.0.195


CPE2.3 External links

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200513-03-smartphone-en

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?



###SIDEBAR###